I "inherited" a few Juniper firewalls. Being quite comfy with firewalls in general, I cannot get the Juniper to accept a new line the Internet provider installed.
I already have two other lines with pp.0 and pp.02 interfaces in the untrust zone, both working.
I have a x.x.x.56/29 net from the provider with usable addresses from x.x.x.58 to 62;
57 is the provider's Cisco.
I configured the fe-0/0/7 interface with the right settings, added a logical interface with the right IP address, and added it to the "untrust" zone.
I can ping the provider's Cisco router from the connected interface, and the provider assured me that the line is working and the router is OK.
As soon as I ping an Internet address via this interface, there is no reply. I rerouted the 0.0.0.0 default route only to this interface: no Internet.
Am I missing something?
Sounds like you have this set up the same as your other two providers?
I would start by connecting a laptop to the new service and set this up with the static address provided and run a test to verify that the service itself is working. Once this is up we know for sure the issue is configuration.
Next I would try moving the new ISP interface into a separate routing instance with its own default route. Then run the IP address ping tests from there to verify access independent of the other ISP on the SRX.
Once this is verified we would move on to integrating the new ISP. For this we need to understand how the routing and either failover or policy-based routing is working with the existing ISP.
Funny enough, there was a syntax error in the original firewall config / routing section that only the CLI validation found; the J-Web check did not complain when committing.... This error did nothing except when I tried to add the new gateway. I fixed this error first; then adding the new gateway and routing did work.
Can be closed.