?
Solved

Configuring Juniper INS-PHOENIX (SRX220H) Firewall

Posted on 2013-01-02
6
Medium Priority
?
657 Views
Last Modified: 2013-01-04
Hi,

I have a juniper ins-phoenix (srx220h) firewall in my organization.
I have two ISP.
Requirement
+++++++++++
I want to set up the juniper firewall (which i am using as a router also) in such a way that whenever my ISP1 link goes down it should automatically connect to ISP2 and whenever ISP1 link comes back it should switch back over to ISP1.
Basically I want to make ISP2 as a backup connection so which connects by self.

Also I do not want to make any changes to the workstations. Actually they should not even notice that link of ISP1 is down.

Is this possible at all, if so how to achieve this and implement this.

Thanks
0
Comment
Question by:abhinav4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38739293
In short yes it is possible.

We can set up 2 default routes on the SRX that point to each ISP.

Make sure that you set the default route that points to the primary ISP to be better than the secondary ISP.

This will ensure that while the primary ISP is up and running, the default route pointing to them will be used as the preferred route.

If the primary goes down, then the route using the primary will become unusable, so the secondary default route will kick in.

Should the primary come back up, then its route will then again become active.

Users will not need to change their own default gateway, which should be the SRX however please bear in mind that if they are accessing resources behind another firewall on the internet, the users will now be coming from a different IP address on the internet.

HTH
0
 

Author Comment

by:abhinav4
ID: 38739443
ok, but could you tell me how to do that? the procedure?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38739638
Hi bud

On the CLI do the following:


set routing-options static route 0/0 next-hop <IP address of primary ISP next hop>
set routing-options static route 0/0 next-hop <IP address of secondary ISP next hop> preference 7

This will give you 2 default routes with the 1st route added being more preferred than the 2nd.

Does this help?
0
Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

 

Author Comment

by:abhinav4
ID: 38743035
Hello,
Thanks for the information, but as this is in production and multiple workstations connected through this only (as this firewall acts like a router basically), CLI is not preferred by other.
Could you guide me from GUI mode?
0
 
LVL 18

Accepted Solution

by:
deimark earned 1500 total points
ID: 38743065
Open up the webUI

Go to Configure tab

Select routing, then static

Add routes there

Note, for your primary route you do not need to add a preference, it will adopt the standard preference of 5, so you only need to add the preference to the secondary route.
0
 

Author Comment

by:abhinav4
ID: 38743102
Thank you I will do this after obtaining permission from the management. Probably on weekends :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As companies replace their old PBX phone systems with Unified IP Communications, many are finding out that legacy applications such as fax do not work well with VoIP. Fortunately, Cloud Faxing provides a cost-effective alternative that works over an…
Is your computer hacked? learn how to detect and delete malware in your PC
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month12 days, 4 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question