Routing
Highlighted
Routing

Routing failover in a firewall filter

[ Edited ]
‎11-15-2017 01:52 PM

We have an SRX300 with 2 completely independent ISP connections. Default route preference handles most outbound connections just fine. However, one ISP is cheap/fast cable broadband where we want all of our web-surfing activity to go. The other connection is reserved for more formal business needs.

 

The connections are set up with separate routing instances and rib groups in what I think is a fairly standard configuration. But for the web surfing traffic from our proxy server, I have a firewal filter as follows

firewall {
    filter PROXY-FILTER {
        term PROXY-DEFAULT-ROUTE {
            from {
                source-address {
                    192.168.4.85/32;
                }
            }
            then {
                routing-instance VR-SPECTRUM;
            }
        }
        term DEFAULT {
            then accept;
        }
    }
}

Thsi works great, all the traffic from the proxy server goes out the cable broadband. However when that connection drops, the proxy server can't reach the Internet. How can I add failover to this filter?

 

Sorry if this is stupid-simple, but I'm new to Junos as we are replacing our old SSG routers. I haven't been able to find the solution. Thanks.

2 REPLIES 2
Highlighted
Routing
Solution
Accepted by topic author jlar310
‎11-22-2017 10:46 AM

Re: Routing failover in a firewall filter

‎11-15-2017 05:15 PM
You may configure FBF with ip monitoring.

Pl follow the KB.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB22052&actp=METADATA

HTH..

*************************************
HTH.
Accept this as solution if it resolved your issue.
Kudos would be appreciated too.
Highlighted
Routing

Re: Routing failover in a firewall filter

‎11-22-2017 10:44 AM

We're using virtual-router routing-instances, but it looks like that solution should still work. Thanks.