06-07-2012 11:31 AM
I have ssg320m..i have 2 ISP.. ISP 1 & ISP2.. ISP1 for mailing & ISP2 for internet browsing..
For this scenario i configured one default route for my ISP2 & create PBR for mail traffic on ISP1..
So i am doing internet browsing ONLY through ISP2..
Now i want internet browsing through BOTH ISP's.. but mail traffice through ISP1..
So is it possible to do the same.. if yes then how can i do the this..
Pls anyone guide me..
Solved! Go to Solution.
06-07-2012 10:32 PM
This is possible by configuring ECMP.
Network > Routing > Virtual Router > Edit
Maximum ECMP Routes --- <Select 2>
Configure 2 default routes with equal pref and Metric through both the ISPs.
However the above solution may cause issues for "Https" websites. I would recommend adding a PBR to send HTTPs (port 443) traffic through any one of the ISPs.
06-08-2012 10:38 AM
Thanks for your suggestion..
Pls confirm one thing.. that your suggested configuration will not effect my SMTP traffice which is going through ONLY ISP1 through PBR....
becouse i dont want my smtp traffice pass through my ISP2...
06-09-2012 02:42 AM
Again thanks Sarab..
One more question..In this senario how do i know that which user's internet traffic passing through which ISP..
Can i do command over this through DNS of my ISP..means suppose when i put ISP1 DNS on PC1 then its internet traffic go through ISP1 and when i put ISP2 DNS on PC2 then its internet traffice go through ISP2..
And how can i block any website through SSG320M..
06-09-2012 09:06 AM
06-14-2012 11:17 AM
I have configured ECMP as adviced by you but when i am giving ISP2 DNS IP to user then internet browsing working fine & when i am giving ISP1 DNS IP to user then internet browsing becomes very slow...OR some times users are not able to open any website..
PLEASE advice where is the issue..
06-14-2012 10:01 PM
06-14-2012 10:31 PM
I am not able to ping ISP1 DNS form juniper firewall but able to ping ISP2 DNS..Trace route of ISP1 DNS is also not successful..... below is my DNS configuratin
DNS .> Host > dns1 - 202.X.50.4 src int. Eth0/2 -----(ITs my ISP1 DNS)
dns2 - 202.X.230.5 src int. Sth0/3 -----(its my ISp2 DNS)
Is there any issue..
You advice to configure global DNS... pls suggest how to configure the same...
06-21-2012 11:01 PM
Have you configured global DNS now on your Machines ?
Are you facing this 'Website not accessible' issue for HTTPs websites ? , If yes then it is expected as I had mentioned in my earlier post.
06-24-2012 11:01 AM
Thanks for reply...
I have configured global DNS on my machines...
i also configured 443 traffic to pass through only ISP1..
But still my user facing the problem of slow internet browsing & some time HTTP webpages not opening with single click..
06-24-2012 09:50 PM
06-26-2012 01:48 AM
06-26-2012 04:38 AM
a) enable Counting on a policy or policies and view the report
b) check interface counters under Report and do the math
c) set up an SNMP tool that will give you nice graphs; e.g. MRTG or PRTG
06-26-2012 05:37 AM
The method mentioned will tell the Interface utilization at any point of time and may not be the exact measure of maximum ISP bandwidth or Internet speed available from that ISP.
If Anoop's requirement is to monitor the Interface utilization then definitely he should follow the method mentioned in previous update by you.