Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Setup ISP failover with SSG140 and three (3) (or more/less) ISP's

    Posted 01-26-2012 05:20

    Hi all,

     

    I'm trying to setup a SSG 140, with 3 ISP uplinks, to failover if the primary ISP goes down. I search the forums and google but almost all results are for two ISP's. I'm also testing it with a SSG5 in my lab, but I seem to get something wrong because the failover seems to work (so my interface monitoring is ok), but the primary gateway stays active resulting in loss of network connectivity for clients.

     

    Could someone give my some hints on how to get it working?

     

    For my test I use a single SSG5 with e0/0 and e0/1 configured this a static IP. Then I configured two default 0/0 routes, one primary (172.20.21.50) with pref 20 and a secondary (172.20.22.50) with pref 25.

    Then when I unplug the e0/0 port, the 0/0 route to 172.20.21.50 stays active.

     

    Any help appreciated.

    Regards,

    Onno.


    #SSG
    #ISP
    #gateway
    #multiple


  • 2.  RE: Setup ISP failover with SSG140 and three (3) (or more/less) ISP's

    Posted 01-26-2012 17:12

    Hi,

     

    I would try leaving the pref at 20 for both.  Trying using a metric of 1 for the primary and a metric of 2 for the secondary.  Since you're already using track-ip, you should be all set.  If you want to add a third ISP, simply add another default route with a metric of 3.



  • 3.  RE: Setup ISP failover with SSG140 and three (3) (or more/less) ISP's

    Posted 01-28-2012 13:59
    i am using this scenario with 4 ISPs, using pref of 5, 10, 15,20 ...

    in your case, 172.20.21.50 should go down ... strange

    can you post the output "get int" and "get route"

    regards





  • 4.  RE: Setup ISP failover with SSG140 and three (3) (or more/less) ISP's

    Posted 02-02-2012 05:12

    Also make sure you do not have the "permanent" option set on the route.  I have seen many people accustomed to Windows do this as that means "install the route even after a reboot", whereas what it means in ScreenOS is "make the route active even if it is unreachable". 



  • 5.  RE: Setup ISP failover with SSG140 and three (3) (or more/less) ISP's
    Best Answer

    Posted 02-02-2012 05:47
      |   view attached

    Hi all,

     

    Thank you all for your helpfull replies.

    I accepted the reply of firewall72 as solution because that is indeed the way to go. BUT: as ron@mandstech.com mentioned. you indeed don't need to select select "permanent"! But I can only select one reply as solution. ;o)

     

    So to any reader: the total and complete solution is:

    1.: Setup track IP on the interface

    2.: Add default route for all necessary ISP's/Gateways

    3.: DON'T select the 'permanent' option while adding the route.

     

    I tested it with/without the 'permanent' option. Indeed the 'permanent' option was the cause that it did not switch.

    Also without the permanent option the routes will survive a system reboot.

     

    As extra reference I attached my lab config. (default user/pass) This config is based on 2 ISP's but I tested it also with 3 ISP's / Gateways.

     

    Thank you all again!

    Regards,

    Onno.

     

    EDIT: Accepted my own reply as solution because it has also a lab config, but credits go to firewall72 and ron@mandstech.com.

    Attachment(s)

    txt
    ssg5multiISP.txt   4 KB 1 version