ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
anoop82
Contributor
anoop82
Posts: 21
Registered: ‎05-29-2012
0

Policy based routing issue in SSG320M

Options

‎05-29-2012 09:33 AM

I have ssg320m..i have 2 ISP..  ISP 1 & ISP2.. ISP1 for mailing & ISP2 for rest traffic..

For this scenario i configured one default route for my ISP2 & create PBR for mail traffic on ISP1..

I have internel mail server which is mapped with a public ip..

 

its works fine but after 4 to 5 hours this public IP stop pinging from outside..means pbr stop working..

 

Pls give me some suggestion.. 

 

Message 1 of 5 (234 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
sarab
Posts: 266
Registered: ‎05-12-2012
0

Re: Policy based routing issue in SSG320M

Options

‎05-29-2012 10:01 PM

Really strange issue !!!!!

 

few queries regarding this :

1. When you say public IP stops pinging from outside, I believe you mean from Internet, correct ?

2. Is this a new setup or was it working fine earlier ?

3. When you are unable to ping this public IP from outside, is the mail server also not able to communicate over internet ?

4. Did you get a chance to capture the traffic on firewall at the time of issue and saw something unusual ?

 

Moreover this PBR config must be from Internal IP to external and shouldn't be concerned with traffic from outside.

Message 2 of 5 (223 Views)
 
Reply
anoop82
Contributor
anoop82
Posts: 21
Registered: ‎05-29-2012
0

Re: Policy based routing issue in SSG320M

Options

‎05-29-2012 10:41 PM

its a new setup..

yes when i am unable to ping this public ip from outside, my mail server also not able to communicate over internet..

 

But when ping drop then put a default route to my ISP1 and remove it same time then i got the ping..and then its working fine for next 4-5 hours and again ping drop..

 

i am attaching my config & get route output.

Attachment config.txt ‏9 KB
Attachment Sh route.txt ‏2 KB
Message 3 of 5 (221 Views)
 
Reply
anoop82
Contributor
anoop82
Posts: 21
Registered: ‎05-29-2012
0

Re: Policy based routing issue in SSG320M

Options

‎05-29-2012 10:45 PM

Pls ignore previous get route output..

 

pls find the attached correct get  route output.. 

Attachment Sh route.txt ‏2 KB
Message 4 of 5 (219 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
sarab
Posts: 266
Registered: ‎05-12-2012
0

Re: Policy based routing issue in SSG320M

Options

‎06-02-2012 12:46 AM

Sorry for the delayed response, had been very busy these days...

 

Could you please gather the following info for me ,

 

1. Which firmware and platform are you using ?

2. At the time of issue

 

Get session src-ip < IP of your mail server>

 

Collect one instance of above command when everything is working fine.

3. Run Debug flow basic with filters at the time of issue and gather the output.

 

 

Message 5 of 5 (189 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.