SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



SRX internet connectivity and failover/failback

  • 1.  SRX internet connectivity and failover/failback

    Posted 01-17-2022 05:40
    Hi,

    I have a pair of SRX 340 firewalls (Please see attached diagram) that are in a cluster. Which I need to do the following:


    In normal operation:

    Users connected to subnet A should be routed to the internet via ISP A
    Users connected to subnet B should be routed to the internet via ISP B

    I intend to implement the above via policy routing.

    In the following failover scenarios:

    - Failure of either node in the cluster
    - Failure of a ping monitor from the cluster (each of ge-0/0/1 and ge-5/0/1) to a host on the internet (implying ISP failure)

    I need subnet A users to be routed to the internet via ISP B (or subnet B users to be routed to the internet via ISP A depending on which node or ISP has failed)

    I also need pre-empt.

    Is this possible using these firewalls? If so how could it be done in terms of the node failure and the ping monitor, plus pre-empt?

    Thanks


    ------------------------------
    BOB COWLEY
    ------------------------------