how do i set up juniper ssg5 failover for 2nd isp?

i have a juniper ssg5 with my primary isp going into it. i have a backup isp comming into the building but not into the ssg5. is there a way i can do this? my config is very straight forward, not much routing. also once i do this is there anything i need to set up like dns forwarders on my servers or dns and mx records at our hosting site?

heres a copy of my config- do i need to add any dns info or backup routes?
Who is Participating?
dpk_walConnect With a Mentor Commented:
When you say the second ISP is not going into SSG5, I understand that if you connect an unused interface on SSG5 to secondary ISP network, this link can be used go to internet in case of primary ISP failure.

Let's assume you are using ethernet0/0 for primary ISP and are using ethernet0/1 for backup internet.

The steps needed are:
1. Configure ethetnet0/1 for Untrust zone.
2. Add route for secondary ISP with higher metric so when the primary goes down; secondary would take over.
     set route int e0/0 gate <primary_isp_gateway> preference 20 metric 20
     set route int e0/1 gate <secondary_isp_gateway> preference 20 metric 30

I am assuming that the ethernet0/0 link would go down in the event of ISP failure; if this is not the case, then we would need to configure interface tracking and in case of failure track-ip would trigger failover.

Thank you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.