• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 664
  • Last Modified:

Configuring Juniper INS-PHOENIX (SRX220H) Firewall

Hi,

I have a juniper ins-phoenix (srx220h) firewall in my organization.
I have two ISP.
Requirement
+++++++++++
I want to set up the juniper firewall (which i am using as a router also) in such a way that whenever my ISP1 link goes down it should automatically connect to ISP2 and whenever ISP1 link comes back it should switch back over to ISP1.
Basically I want to make ISP2 as a backup connection so which connects by self.

Also I do not want to make any changes to the workstations. Actually they should not even notice that link of ISP1 is down.

Is this possible at all, if so how to achieve this and implement this.

Thanks
0
abhinav4
Asked:
abhinav4
  • 3
  • 3
1 Solution
 
deimarkCommented:
In short yes it is possible.

We can set up 2 default routes on the SRX that point to each ISP.

Make sure that you set the default route that points to the primary ISP to be better than the secondary ISP.

This will ensure that while the primary ISP is up and running, the default route pointing to them will be used as the preferred route.

If the primary goes down, then the route using the primary will become unusable, so the secondary default route will kick in.

Should the primary come back up, then its route will then again become active.

Users will not need to change their own default gateway, which should be the SRX however please bear in mind that if they are accessing resources behind another firewall on the internet, the users will now be coming from a different IP address on the internet.

HTH
0
 
abhinav4Author Commented:
ok, but could you tell me how to do that? the procedure?
0
 
deimarkCommented:
Hi bud

On the CLI do the following:


set routing-options static route 0/0 next-hop <IP address of primary ISP next hop>
set routing-options static route 0/0 next-hop <IP address of secondary ISP next hop> preference 7

This will give you 2 default routes with the 1st route added being more preferred than the 2nd.

Does this help?
0
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

 
abhinav4Author Commented:
Hello,
Thanks for the information, but as this is in production and multiple workstations connected through this only (as this firewall acts like a router basically), CLI is not preferred by other.
Could you guide me from GUI mode?
0
 
deimarkCommented:
Open up the webUI

Go to Configure tab

Select routing, then static

Add routes there

Note, for your primary route you do not need to add a preference, it will adopt the standard preference of 5, so you only need to add the preference to the secondary route.
0
 
abhinav4Author Commented:
Thank you I will do this after obtaining permission from the management. Probably on weekends :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now