Solved

Configuring Juniper INS-PHOENIX (SRX220H) Firewall

Posted on 2013-01-02
6
655 Views
Last Modified: 2013-01-04
Hi,

I have a juniper ins-phoenix (srx220h) firewall in my organization.
I have two ISP.
Requirement
+++++++++++
I want to set up the juniper firewall (which i am using as a router also) in such a way that whenever my ISP1 link goes down it should automatically connect to ISP2 and whenever ISP1 link comes back it should switch back over to ISP1.
Basically I want to make ISP2 as a backup connection so which connects by self.

Also I do not want to make any changes to the workstations. Actually they should not even notice that link of ISP1 is down.

Is this possible at all, if so how to achieve this and implement this.

Thanks
0
Comment
Question by:abhinav4
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 18

Expert Comment

by:deimark
ID: 38739293
In short yes it is possible.

We can set up 2 default routes on the SRX that point to each ISP.

Make sure that you set the default route that points to the primary ISP to be better than the secondary ISP.

This will ensure that while the primary ISP is up and running, the default route pointing to them will be used as the preferred route.

If the primary goes down, then the route using the primary will become unusable, so the secondary default route will kick in.

Should the primary come back up, then its route will then again become active.

Users will not need to change their own default gateway, which should be the SRX however please bear in mind that if they are accessing resources behind another firewall on the internet, the users will now be coming from a different IP address on the internet.

HTH
0
 

Author Comment

by:abhinav4
ID: 38739443
ok, but could you tell me how to do that? the procedure?
0
 
LVL 18

Expert Comment

by:deimark
ID: 38739638
Hi bud

On the CLI do the following:


set routing-options static route 0/0 next-hop <IP address of primary ISP next hop>
set routing-options static route 0/0 next-hop <IP address of secondary ISP next hop> preference 7

This will give you 2 default routes with the 1st route added being more preferred than the 2nd.

Does this help?
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:abhinav4
ID: 38743035
Hello,
Thanks for the information, but as this is in production and multiple workstations connected through this only (as this firewall acts like a router basically), CLI is not preferred by other.
Could you guide me from GUI mode?
0
 
LVL 18

Accepted Solution

by:
deimark earned 500 total points
ID: 38743065
Open up the webUI

Go to Configure tab

Select routing, then static

Add routes there

Note, for your primary route you do not need to add a preference, it will adopt the standard preference of 5, so you only need to add the preference to the secondary route.
0
 

Author Comment

by:abhinav4
ID: 38743102
Thank you I will do this after obtaining permission from the management. Probably on weekends :)
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Palo Alto Networks - find the sec zone 3 77
creating SVI on layer 3 switch 1 57
The ideal material to secure cables 7 45
TCP Reset from Server 3 37
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question