SRX

 View Only
last person joined: 23 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

SRX internet connectivity and failover/failback

  • 1.  SRX internet connectivity and failover/failback

    Posted 01-17-2022 05:40
    Hi,

    I have a pair of SRX 340 firewalls (Please see attached diagram) that are in a cluster. Which I need to do the following:


    In normal operation:

    Users connected to subnet A should be routed to the internet via ISP A
    Users connected to subnet B should be routed to the internet via ISP B

    I intend to implement the above via policy routing.

    In the following failover scenarios:

    - Failure of either node in the cluster
    - Failure of a ping monitor from the cluster (each of ge-0/0/1 and ge-5/0/1) to a host on the internet (implying ISP failure)

    I need subnet A users to be routed to the internet via ISP B (or subnet B users to be routed to the internet via ISP A depending on which node or ISP has failed)

    I also need pre-empt.

    Is this possible using these firewalls? If so how could it be done in terms of the node failure and the ping monitor, plus pre-empt?

    Thanks


    ------------------------------
    BOB COWLEY
    ------------------------------