Solved

Configuring Juniper INS-PHOENIX (SRX220H) Firewall

Posted on 2013-01-02
6
653 Views
Last Modified: 2013-01-04
Hi,

I have a juniper ins-phoenix (srx220h) firewall in my organization.
I have two ISP.
Requirement
+++++++++++
I want to set up the juniper firewall (which i am using as a router also) in such a way that whenever my ISP1 link goes down it should automatically connect to ISP2 and whenever ISP1 link comes back it should switch back over to ISP1.
Basically I want to make ISP2 as a backup connection so which connects by self.

Also I do not want to make any changes to the workstations. Actually they should not even notice that link of ISP1 is down.

Is this possible at all, if so how to achieve this and implement this.

Thanks
0
Comment
Question by:abhinav4
  • 3
  • 3
6 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38739293
In short yes it is possible.

We can set up 2 default routes on the SRX that point to each ISP.

Make sure that you set the default route that points to the primary ISP to be better than the secondary ISP.

This will ensure that while the primary ISP is up and running, the default route pointing to them will be used as the preferred route.

If the primary goes down, then the route using the primary will become unusable, so the secondary default route will kick in.

Should the primary come back up, then its route will then again become active.

Users will not need to change their own default gateway, which should be the SRX however please bear in mind that if they are accessing resources behind another firewall on the internet, the users will now be coming from a different IP address on the internet.

HTH
0
 

Author Comment

by:abhinav4
ID: 38739443
ok, but could you tell me how to do that? the procedure?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38739638
Hi bud

On the CLI do the following:


set routing-options static route 0/0 next-hop <IP address of primary ISP next hop>
set routing-options static route 0/0 next-hop <IP address of secondary ISP next hop> preference 7

This will give you 2 default routes with the 1st route added being more preferred than the 2nd.

Does this help?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:abhinav4
ID: 38743035
Hello,
Thanks for the information, but as this is in production and multiple workstations connected through this only (as this firewall acts like a router basically), CLI is not preferred by other.
Could you guide me from GUI mode?
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 38743065
Open up the webUI

Go to Configure tab

Select routing, then static

Add routes there

Note, for your primary route you do not need to add a preference, it will adopt the standard preference of 5, so you only need to add the preference to the secondary route.
0
 

Author Comment

by:abhinav4
ID: 38743102
Thank you I will do this after obtaining permission from the management. Probably on weekends :)
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
small, multi network, problem 3 95
Cisco Router help 5 64
using BGP Attributes 2 83
NAS with google authentication 6 98
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

805 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question