Expand all | Collapse all

Routing failover in a firewall filter

Jump to Best Answer
  • 1.  Routing failover in a firewall filter

    Posted 11-15-2017 13:52

    We have an SRX300 with 2 completely independent ISP connections. Default route preference handles most outbound connections just fine. However, one ISP is cheap/fast cable broadband where we want all of our web-surfing activity to go. The other connection is reserved for more formal business needs.


    The connections are set up with separate routing instances and rib groups in what I think is a fairly standard configuration. But for the web surfing traffic from our proxy server, I have a firewal filter as follows

    firewall {
        filter PROXY-FILTER {
            term PROXY-DEFAULT-ROUTE {
                from {
                    source-address {
                then {
                    routing-instance VR-SPECTRUM;
            term DEFAULT {
                then accept;

    Thsi works great, all the traffic from the proxy server goes out the cable broadband. However when that connection drops, the proxy server can't reach the Internet. How can I add failover to this filter?


    Sorry if this is stupid-simple, but I'm new to Junos as we are replacing our old SSG routers. I haven't been able to find the solution. Thanks.

  • 2.  RE: Routing failover in a firewall filter
    Best Answer

    Posted 11-15-2017 17:15
    You may configure FBF with ip monitoring.

    Pl follow the KB.


  • 3.  RE: Routing failover in a firewall filter

    Posted 11-22-2017 10:45

    We're using virtual-router routing-instances, but it looks like that solution should still work. Thanks.