SRX

last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX Internet Failover Question

    Posted 05-24-2014 19:42

    We have setup our SRX240 Cluster with dual ISP's and Dual VPN tunnels on each respective ISP.  Each ISP handoff comes down to a small switch to be split across to both SRX in the cluster.  

    We have configured BFD for internal failover over the VPN tunnels and this works perfectly.  However, while simulating an ISP outage by disconnecting the ISP handoff to the switch that sits before the firewall, the primary Internet route stays active.

     

    So during the simulated outage our internal connectivity fails over but our internet (0.0.0.0/0) does not fail over.

     

    Can someone suggest a solution or point me in the right direction?  We were thinking of possibly Tracking the IP of the ISP gateway.

     

    Thank You,

     

    Ryan



  • 2.  RE: SRX Internet Failover Question
    Best Answer

    Posted 05-25-2014 06:18

    I like to use track ip to the ISP DNS servers instead of the gateway.  There are times when the gateway is still active but upstream issues on the ISP prevent internet access from working.  Tracking both of the DNS servers has worked better for me as a failure indicator of the ISP service.



  • 3.  RE: SRX Internet Failover Question

    Posted 05-27-2014 06:48

    hi,

     

    I think the following KB's will help you ;

     

    [SRX] IP monitoring with FBF (Filter Based Forwarding in a Dual ISP scenario):

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB22052&smlogin=true

     

    Regards,

    c_r

     

    Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!