07-04-2012 08:12 PM - edited 07-04-2012 08:13 PM
Does netscreen support static route track?
We know in Cisco ASA, there is an static route track function ,if the track object is unreachable, the route will be deleted from routing table.
1. So how about netscreen ?
2. Does Interface track works the same way? If true,when the track object is unreachable, the interface will be in DOWN status? If the interface is DOWN,how does it recover once the track ip is reachable again?
Solved! Go to Solution.
07-05-2012 03:06 AM
If track-ip marks interface as down, all routes associated to the interface should go down.
Even when in down state, Firewall will attempt to send keepalive messages.
Once the keepalive is successful, the interface/routes will be up again.
07-09-2012 09:04 AM
I think Juniper calls it route or gateway monitoring. It monitors the gateway you create in the static route ( or is suppose to)
set route a.a.a.a/n interface X gateway g.g.g.g
07-10-2012 12:38 AM
Gateway tracking is a misleading term. This is not a kind of icmp or arp monitoring but a special dependence of a static route from another one. The first route is configured without a routing interface and it's gateway IP is an IP in a remote network. If there is another active static route which makes this IP reachable, the first route is also considered as active (KB9017).
ScreenOS cannot unfortunatelly perform tracking on a separate static route. IP tracking, configured on an interface, can bring ALL of it's associated routes up or down. The only exception are the routes that are configured as permanent.
If an interface is down due to failed IP tracking this does not prevent it from sending icmp or arp packets. As soon as the monitored IP has become reachable the interface and it's routes get an active status again.