I am working at aamra Technologies ltd, which is one of the best IT solution provider companies in Bangladesh. Recently we sold one Juniper SRX550 firewall to Primer bank limited, which is one of the leading banks in Bangladesh. We have set up this firewall in the DMZ zone. The network design and their requirements are as below:
1. In the SRX550, they have dropped two ISPs.
2. Behind the firewall they have some application servers in the DMZ zone, and all the services depend on the internet.
Now their requirements are:
1. Some application servers are going through ISP A via NAT
2. Some application servers are going through ISP B via NAT
3. They want to use both ISPs at the same time.
4. When one ISP goes down, all traffic will automatically go through the other ISP via NAT.
I can configure one default route via one ISP, but how will I configure a default route for both ISPs in an active-active scenario?
Is it possible to configure this firewall to match the above criteria? If possible, then please help me with how to configure it.
With your requirements I would configure two virtual routers, one for each ISP and their associated servers. This will very simply keep them on their respective ISP link.
Then you would need to configure a secondary default route to the alternate ISP virtual router so that when you lose the upstream default route the failover can occur. For this I would use either qualified next hop or the RPM IP tracking.
Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) http://puluka.com/home
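A sketch of the two-virtual-router design described in the reply, using the qualified next hop option; this is an added example, not configuration from either poster. All interface names, addresses, instance names and zone names are constructed, each server group is assumed to sit on its own DMZ interface, and the security policies between the zones are omitted.

```junos
# Constructed addressing: ISP A on ge-0/0/0, ISP B on ge-0/0/1,
# server group A on ge-0/0/2, server group B on ge-0/0/3
set interfaces ge-0/0/0 unit 0 family inet address 198.51.100.2/30
set interfaces ge-0/0/1 unit 0 family inet address 203.0.113.2/30
set interfaces ge-0/0/2 unit 0 family inet address 10.10.1.1/24
set interfaces ge-0/0/3 unit 0 family inet address 10.10.2.1/24

# One virtual router per ISP, each holding its uplink and its servers
set routing-instances VR-ISP-A instance-type virtual-router
set routing-instances VR-ISP-A interface ge-0/0/0.0
set routing-instances VR-ISP-A interface ge-0/0/2.0
set routing-instances VR-ISP-B instance-type virtual-router
set routing-instances VR-ISP-B interface ge-0/0/1.0
set routing-instances VR-ISP-B interface ge-0/0/3.0

# Share interface routes so each VR can resolve the other ISP's gateway
set routing-options rib-groups A-TO-B import-rib [ VR-ISP-A.inet.0 VR-ISP-B.inet.0 ]
set routing-options rib-groups B-TO-A import-rib [ VR-ISP-B.inet.0 VR-ISP-A.inet.0 ]
set routing-instances VR-ISP-A routing-options interface-routes rib-group inet A-TO-B
set routing-instances VR-ISP-B routing-options interface-routes rib-group inet B-TO-A

# Primary default via the VR's own ISP, less-preferred backup via the other
set routing-instances VR-ISP-A routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-instances VR-ISP-A routing-options static route 0.0.0.0/0 qualified-next-hop 203.0.113.1 preference 10
set routing-instances VR-ISP-B routing-options static route 0.0.0.0/0 next-hop 203.0.113.1
set routing-instances VR-ISP-B routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10

# Zones for the four interfaces
set security zones security-zone UNTRUST-A interfaces ge-0/0/0.0
set security zones security-zone UNTRUST-B interfaces ge-0/0/1.0
set security zones security-zone DMZ-A interfaces ge-0/0/2.0
set security zones security-zone DMZ-B interfaces ge-0/0/3.0

# Source NAT for group A: normal path (ISP A) and failover path (ISP B)
set security nat source rule-set A-VIA-ISP-A from zone DMZ-A
set security nat source rule-set A-VIA-ISP-A to zone UNTRUST-A
set security nat source rule-set A-VIA-ISP-A rule a1 match source-address 10.10.1.0/24
set security nat source rule-set A-VIA-ISP-A rule a1 then source-nat interface
set security nat source rule-set A-VIA-ISP-B from zone DMZ-A
set security nat source rule-set A-VIA-ISP-B to zone UNTRUST-B
set security nat source rule-set A-VIA-ISP-B rule a2 match source-address 10.10.1.0/24
set security nat source rule-set A-VIA-ISP-B rule a2 then source-nat interface
# Group B needs the mirror-image pair of rule-sets (DMZ-B, 10.10.2.0/24)
```

The qualified next hop takes over only when the primary next hop stops resolving, for example when the uplink interface goes down; the RPM IP tracking option named in the reply is what covers a failure further upstream while the link stays up.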