Routing

Expand all | Collapse all

Routing failover in a firewall filter

Jump to Best Answer
  • 1.  Routing failover in a firewall filter

    Posted 11-15-2017 13:52

    We have an SRX300 with 2 completely independent ISP connections. Default route preference handles most outbound connections just fine. However, one ISP is cheap/fast cable broadband where we want all of our web-surfing activity to go. The other connection is reserved for more formal business needs.

     

    The connections are set up with separate routing instances and rib groups in what I think is a fairly standard configuration. But for the web surfing traffic from our proxy server, I have a firewal filter as follows

    firewall {
        filter PROXY-FILTER {
            term PROXY-DEFAULT-ROUTE {
                from {
                    source-address {
                        192.168.4.85/32;
                    }
                }
                then {
                    routing-instance VR-SPECTRUM;
                }
            }
            term DEFAULT {
                then accept;
            }
        }
    }

    Thsi works great, all the traffic from the proxy server goes out the cable broadband. However when that connection drops, the proxy server can't reach the Internet. How can I add failover to this filter?

     

    Sorry if this is stupid-simple, but I'm new to Junos as we are replacing our old SSG routers. I haven't been able to find the solution. Thanks.



  • 2.  RE: Routing failover in a firewall filter
    Best Answer

    Posted 11-15-2017 17:15
    You may configure FBF with ip monitoring.

    Pl follow the KB.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB22052&actp=METADATA

    HTH..


  • 3.  RE: Routing failover in a firewall filter

    Posted 11-22-2017 10:45

    We're using virtual-router routing-instances, but it looks like that solution should still work. Thanks.