Screen OS

Hi,

I just want to verify that I can load balance two ISP connections in the following way (on an SSG 140): Each ISP is connected to an Ethernet port that is configured with the appropriate IP address data. I enable ECMP routing on the trust-vr. Now I add two 0.0.0.0/0 routes. I configure the first with the IP address of ISP1's router as gateway and the second route analogously. I take care that both routers have an equal metric.

Then ScreenOS will automatically distribute traffic that flows from trust to untrust equally between both ISP connections on a per session base. I don't need to have control about what host in the trust zone is routed over what ISP connection.

Regards,

Dominik

Hi,

When u enable ECMP to load balance traffic accross multiple ISPs then traffic like http, which creates multiple sessions will not work properly. This issues and its solution has been discussed many times in this forum. The solution for multi session traffic is source based routing or pollicy based routing, for load balancing traffic across multiple ISPs but keep in mind that firewall is not a load balancer so it will not ensure that traffic is distributed equally (50% 50%) across both links.

You can refer following threads for further clearification.

http://forums.juniper.net/jnet/board/message?board.id=Firewalls&thread.id=577

http://forums.juniper.net/jnet/board/message?board.id=Firewalls&thread.id=821

http://forums.juniper.net/jnet/board/message?board.id=Firewalls&thread.id=787

Please let me know it solves ur problem.

Thanks