Hi All,
Here's a good logic problem for you guys. I have enabled Track IP on my untrust interface, pinging a public IP (4.2.2.2). My firewall also has a default route pointing out this interface.
When I kill the ping from the firewall to the internet, the interface goes down (as it should), thus causing the default route to disappear (as it should). When I re-allow the ping my issue arises: the interface never comes back up.
This causes a bit of a chicken and egg problem:
The interface needs to be UP for my default route to be activated, but I need the default route to be there for the Track IP to allow the interface to come back up... hmmm, weird!
Here's a log view of what happens when I kill the ping:
2009-03-26 08:55:50 crit No interface/route enables the Track IP IP address 4.2.2.2 to be transmitted.
2009-03-26 08:55:46 crit Track IP failure reached threshold.
2009-03-26 08:55:45 crit Track IP IP address 4.2.2.2 failed.
This is being run on an SSG-5 running 6.1.0r3.0.
Also, I'm killing the ping on an upstream firewall, so I never unplug any cables.
Thanks!