[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Configuring Juniper INS-PHOENIX (SRX220H) Firewall

Posted on 2013-01-02
6
Medium Priority
?
659 Views
Last Modified: 2013-01-04
Hi,

I have a juniper ins-phoenix (srx220h) firewall in my organization.
I have two ISP.
Requirement
+++++++++++
I want to set up the juniper firewall (which i am using as a router also) in such a way that whenever my ISP1 link goes down it should automatically connect to ISP2 and whenever ISP1 link comes back it should switch back over to ISP1.
Basically I want to make ISP2 as a backup connection so which connects by self.

Also I do not want to make any changes to the workstations. Actually they should not even notice that link of ISP1 is down.

Is this possible at all, if so how to achieve this and implement this.

Thanks
0
Comment
Question by:abhinav4
  • 3
  • 3
6 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38739293
In short yes it is possible.

We can set up 2 default routes on the SRX that point to each ISP.

Make sure that you set the default route that points to the primary ISP to be better than the secondary ISP.

This will ensure that while the primary ISP is up and running, the default route pointing to them will be used as the preferred route.

If the primary goes down, then the route using the primary will become unusable, so the secondary default route will kick in.

Should the primary come back up, then its route will then again become active.

Users will not need to change their own default gateway, which should be the SRX however please bear in mind that if they are accessing resources behind another firewall on the internet, the users will now be coming from a different IP address on the internet.

HTH
0
 

Author Comment

by:abhinav4
ID: 38739443
ok, but could you tell me how to do that? the procedure?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38739638
Hi bud

On the CLI do the following:


set routing-options static route 0/0 next-hop <IP address of primary ISP next hop>
set routing-options static route 0/0 next-hop <IP address of secondary ISP next hop> preference 7

This will give you 2 default routes with the 1st route added being more preferred than the 2nd.

Does this help?
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 

Author Comment

by:abhinav4
ID: 38743035
Hello,
Thanks for the information, but as this is in production and multiple workstations connected through this only (as this firewall acts like a router basically), CLI is not preferred by other.
Could you guide me from GUI mode?
0
 
LVL 18

Accepted Solution

by:
deimark earned 1500 total points
ID: 38743065
Open up the webUI

Go to Configure tab

Select routing, then static

Add routes there

Note, for your primary route you do not need to add a preference, it will adopt the standard preference of 5, so you only need to add the preference to the secondary route.
0
 

Author Comment

by:abhinav4
ID: 38743102
Thank you I will do this after obtaining permission from the management. Probably on weekends :)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month18 days, 21 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question