SRX Services Gateway

SRX Internet Failover Question

‎05-24-2014 07:42 PM

We have set up our SRX240 Cluster with dual ISPs and Dual VPN tunnels on each respective ISP. Each ISP handoff comes down to a small switch to be split across to both SRX in the cluster.

We have configured BFD for internal failover over the VPN tunnels and this works perfectly. However, while simulating an ISP outage by disconnecting the ISP handoff to the switch that sits before the firewall, the primary Internet route stays active.

So during the simulated outage our internal connectivity fails over but our internet (0.0.0.0/0) does not fail over.

Can someone suggest a solution or point me in the right direction? We were thinking of possibly tracking the IP of the ISP gateway.

Thank You,

Ryan

Solution
Accepted by topic author wreck
‎08-26-2015 01:27 AM

Re: SRX Internet Failover Question

‎05-25-2014 06:17 AM

I like to use track ip to the ISP DNS servers instead of the gateway.  There are times when the gateway is still active but upstream issues on the ISP prevent internet access from working.  Tracking both of the DNS servers has worked better for me as a failure indicator of the ISP service.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: SRX Internet Failover Question

‎05-27-2014 06:48 AM

Hi,

I think the following KBs will help you:

[SRX] IP monitoring with FBF (Filter Based Forwarding in a Dual ISP scenario):

http://kb.juniper.net/InfoCenter/index?page=content&id=KB22052&smlogin=true

Regards,

c_r

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!