ScreenOS Firewalls (NOT SRX)
Reply
New User
tork
Posts: 5
Registered: ‎11-16-2010
0
Accepted Solution

[Question] Does Netscreen support static route track?

[ Edited ]

Does netscreen support static route track?

 

We know in Cisco ASA, there is an static route track function ,if the track object is unreachable, the route will be deleted from routing table.

 

Q:

1. So how about netscreen ?

2. Does Interface track works the same way? If true,when the track object is unreachable, the interface will be in DOWN status? If the interface is DOWN,how does it recover once the track ip is reachable again?

Recognized Expert
Sahota
Posts: 484
Registered: ‎03-15-2012
0

Re: [Question] Does Netscreen support static route track?

Hi,

 

If track-ip marks interface as down, all routes associated to the interface should go down.

Even when in down state, Firewall will attempt to send keepalive messages.

Once the keepalive is successful, the interface/routes will be up again.

 

Thanks.

Hardeep

Contributor
ed_gpc
Posts: 194
Registered: ‎09-21-2010
0

Re: [Question] Does Netscreen support static route track?

I think Juniper calls it route or gateway monitoring.  It monitors the gateway you create in the static route ( or is suppose to)

 

set route a.a.a.a/n interface X gateway g.g.g.g

Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: [Question] Does Netscreen support static route track?

Hi,

 

Gateway tracking is a misleading term. This is not a kind of icmp or arp monitoring but a special dependence of a static route from another one. The first route is configured without a routing interface and it's gateway IP is an IP in a remote network. If there is another active static route which makes this IP reachable, the first route is also considered as active (KB9017).

ScreenOS cannot unfortunatelly perform tracking on a separate static route. IP tracking, configured on an interface, can bring ALL of it's associated routes up or down. The only exception are the routes that are configured as permanent.

If an interface is down due to failed IP tracking this does not prevent it from sending icmp or arp packets. As soon as the monitored IP has become reachable the interface and it's routes get an active status again.

Kind regards,
Edouard
New User
tork
Posts: 5
Registered: ‎11-16-2010
0

Re: [Question] Does Netscreen support static route track?

thank you,same as i think.

 

that it the only way to make it work.

New User
tork
Posts: 5
Registered: ‎11-16-2010
0

Re: [Question] Does Netscreen support static route track?

thanks for your detail introduction

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.