Community Feedback
Community Feedback

Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎03-31-2015 10:10 PM

Hi,

 

we have configred load balancing (ECMP) and enhanced web filtering (have license) on our srx firewall. when we use 2 ISP, status of the server says is down but when we only use 1 ISP server status is up. i read an article that i need to create a source nat from junos-host to untrust so that traffic form the device itself will be natted, but it didnt work. any idea why server for the EWF is going down when we are using 2 ISP? many thanks

13 REPLIES 13
Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎03-31-2015 10:50 PM

Can you share your config ? so we can have a look ? Please share the working config and the changes you have made

 

 

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎03-31-2015 11:37 PM

Hi,

 

Attached is the config only for ECMP(load balance), EWF, nat and security policy. the config is working fine, however, again when we used 2 ISPs to load balance the traffic the connection is getting slower and some of the web sites that should be blocked are getting permitted, and when i check the server status of EWF it says Juniper Enhanced using Websense server DOWN. but when we only used 1 ISP the status of the websense server goes up and all the websites that should be blocked were being blocked and the speed of the internet is much more faster than when we use 2 ISP. 

Attachments

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎03-31-2015 11:56 PM

This is the working setup you pasted ? of the setup that uses both isp's ?

 

 

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 12:01 AM

yes sir

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 12:26 AM

Your servers behind the srx are beeing natted ? I'm guessing the public IP's you have in uses are from different ISP's ?

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Community Feedback
Solution
Accepted by topic author kimffrey
‎08-26-2015 01:27 AM

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 12:28 AM

You are hitting on below pr:

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR866556

 

Eorkaround is to have static route through one ISP to .threadseeker cloud.

 

Regards,

c_r

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too


@kimffrey wrote:

Hi,

 

we have configred load balancing (ECMP) and enhanced web filtering (have license) on our srx firewall. when we use 2 ISP, status of the server says is down but when we only use 1 ISP server status is up. i read an article that i need to create a source nat from junos-host to untrust so that traffic form the device itself will be natted, but it didnt work. any idea why server for the EWF is going down when we are using 2 ISP? many thanks


 

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 12:34 AM

Ha yes! that could be it! I would also set  a qualified-next-hop over the other isp to have a failover when the primary isp fails

 

 

 

Some more about load balancing per packet

 

http://www.mustbegeek.com/load-balance-dual-isp-internet-in-juniper-srx/

 

and filter based load balancing

http://www.mustbegeek.com/configure-filter-based-load-balancing-in-juniper-srx/

 

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 12:55 AM

Hi c_r,

 

i'll try that one and hope it will work. by the way does ECMP make your internet connection slow? because that's what i noticed. i think because we have a 12mbps dsl line and 2mbps leased line, srx load share the trafiics on the default routes and makes the internet connection slow, or it shoudnt be that way? thanks

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 01:01 AM

SRX does per session load balancing, hence the sessions should not experience any slowness, thiough, the two links are of different speeds you may see variation.

ECMP is Equal COST mutipath.

If the links ahve different speeds not a very good idea to use ECMP.

you can use FBF http://www.juniper.net/techpubs/en_US/junos14.2/topics/concept/firewall-filter-option-filter-based-f...

 

Regards,
C_R
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 01:14 AM

Hi c_r,

 

i'll try FBF. thanks for your help appreciate it

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 01:19 AM

I would go with a Filter Based Forwarding setup on your SRX

 

http://www.mustbegeek.com/configure-filter-based-load-balancing-in-juniper-srx/

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 01:40 AM

I'll try that. thanks mark, appreciate your help Smiley Happy

Community Feedback

Re: Server status: Juniper Enhanced using Websense server DOWN when load balancing(ECMP) is used

‎04-01-2015 01:42 AM

You are welcome :-)

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------