We have set up our SRX240 cluster with dual ISPs and dual VPN tunnels on each respective ISP. Each ISP handoff comes down to a small switch to be split across to both SRXs in the cluster.
We have configured BFD for internal failover over the VPN tunnels and this works perfectly. However, while simulating an ISP outage by disconnecting the ISP handoff to the switch that sits before the firewall, the primary Internet route stays active.
So during the simulated outage our internal connectivity fails over, but our Internet route (0.0.0.0/0) does not fail over.
Can someone suggest a solution or point me in the right direction? We were thinking of possibly tracking the IP of the ISP gateway.
Thank you,
Ryan