SRX

Hello, i want to ask,

i have 2 internet connection with static ip public and i want to configure my juniper srx 100 with scenario like this:

a. user with ip address list 1-30 connect to internet with ISP 1

b. user with ip address 31-254 connect to internet with ISP 2

i have already configure fortigate with scenario like that use routing policy for dual internet connection

can i do that routing policy like fortigate in juniper srx 100 ?

anyone can help me ?

sorry for my bad english.

Hi,

Yes you can do this.

Put both the ISPs in different routing instance.

keep one in inet.o and the second one in another routing instance.

create firewall filter to route traffic

filter term 1 will have the source 31-254 ips and destination any and the action as then accept routing-instance instance 1.

filter term 2 will have action as then accept.

example:

set firewall filter routing term1 from source-address 31-254 ips

set firewall filter routing term 1 from destination-address 0.0.0.0

set firewall filter routing term 1 then accept

set firewall filter routing term 1 then routing-instance instance1

set firewall filter routing term 2 then accept

apply this firewall filter to the interface which is the ingress interface.

set interface ge-0/0/2.0 family inet filter input routing

Also you could go through this KB which talks about the scenario.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23300&actp=METADATA

regards,

Guru Prasad