SRX

First at all sorry for my Eng is not quite good. I newbie with SRX.

I need split internet company and VPN connection with SRX and FGT follow list below

Concurrent (NAT/Policy)

"wan1(1.1.1.254/ge-0/0/1.0 zone untrust)

internal network(192.168.0.254/ge-0/0/2.0 zone trust)--->FGT (wan)Port1(192.168.0.2) ->FGT (internal)Port5"

Additional VPN (request NAT)

"wan2(2.2.2.254/ge-0/0/3.0 zone vpnuntrust)(NAT 2.2.2.1 to 192.168.150.253)

vpn (192.168.150.254/ge-0/0/4.0 zone vpntrust)--->FGT (wan)Port2(192.168.150.253(VPN->Branch))" and static route 0.0.0.0/0 1.1.1.254.

Could you please advice in this case? and Can I create virtual route on interface without effect with concurrent system?

if you have any advice please let me know.

Thank,

I think I follow the situation.  You want to keep a current ISP for normal internet traffic and are adding a second ISP to use for a VPN connection.

If this is the case you can create a virtual router routing instance for the new ISP.

Add the external interface to this instance

set routing-instance VPN-ISP instance-type virtual router

set routing-instance VPN-ISP interface ge-x/x/x.0

Configure the interface with the setup for your ISP

THen configure the VPN to use this interface as the gateway.

The internal side of the tunnel interface st0.x can be in the main routing instance and connect to all the local lan segments are needed.

Thank you for your idea. IT Work!!! Many thank you save my life

Thanks for the update, glad it is working for you.