Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2661
  • Last Modified:

how do i set up juniper ssg5 failover for 2nd isp?

i have a juniper ssg5 with my primary isp going into it. i have a backup isp comming into the building but not into the ssg5. is there a way i can do this? my config is very straight forward, not much routing. also once i do this is there anything i need to set up like dns forwarders on my servers or dns and mx records at our hosting site?

heres a copy of my config- do i need to add any dns info or backup routes?
1 Solution
When you say the second ISP is not going into SSG5, I understand that if you connect an unused interface on SSG5 to secondary ISP network, this link can be used go to internet in case of primary ISP failure.

Let's assume you are using ethernet0/0 for primary ISP and are using ethernet0/1 for backup internet.

The steps needed are:
1. Configure ethetnet0/1 for Untrust zone.
2. Add route for secondary ISP with higher metric so when the primary goes down; secondary would take over.
     set route int e0/0 gate <primary_isp_gateway> preference 20 metric 20
     set route int e0/1 gate <secondary_isp_gateway> preference 20 metric 30

I am assuming that the ethernet0/0 link would go down in the event of ISP failure; if this is not the case, then we would need to configure interface tracking and in case of failure track-ip would trigger failover.

Thank you.

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now