Unable to failover to ISP2 in case isp1 is down here is the config. Can you please help on how to get this working?
"set groups node0 system host-name srx-a
set groups node0 interfaces fxp0 unit 0 family inet address 172.16.2.5/24
set groups node1 system host-name srx-b
set groups node1 interfaces fxp0 unit 0 family inet address 172.16.2.6/24
set apply-groups "${node}"
set chassis cluster reth-count 4
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100
set chassis cluster redundancy-group 1 preempt
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/2 weight 128
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/2 weight 128
set chassis cluster redundancy-group 1 interface-monitor ge-0/0/3 weight 128
set chassis cluster redundancy-group 1 interface-monitor ge-5/0/3 weight 128
set interfaces fab0 fabric-options member-interfaces ge-0/0/0
set interfaces fab1 fabric-options member-interfaces ge-5/0/0
set interfaces ge-0/0/2 gigether-options redundant-parent reth0
set interfaces ge-5/0/2 gigether-options redundant-parent reth0
set interfaces ge-0/0/3 gigether-options redundant-parent reth1
set interfaces ge-5/0/3 gigether-options redundant-parent reth1
set interfaces ge-0/0/4 gigether-options redundant-parent reth2
set interfaces ge-5/0/4 gigether-options redundant-parent reth2
set interfaces ge-0/0/5 gigether-options redundant-parent reth3
set interfaces ge-5/0/5 gigether-options redundant-parent reth3
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 192.168.2.194/24
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 192.168.99.199/24
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 0 family inet filter input fbf-isp
set interfaces reth2 unit 0 family inet address 172.16.22.1/23
set interfaces reth3 redundant-ether-options redundancy-group 1
set interfaces reth3 unit 0 family inet filter input fbf-isp
set interfaces reth3 unit 0 family inet address 172.16.29.1/24
set security zones security-zone Untrusted-ISP1 interfaces reth0.0
set security zones security-zone Untrusted-ISP1 host-inbound-traffic system-services ping
set security zones security-zone Untrusted-ISP2 interfaces reth1.0
set security zones security-zone Untrusted-ISP2 host-inbound-traffic system-services ping
set security zones security-zone Trusted interfaces reth2.0
set security zones security-zone Trusted interfaces reth3.0
set security zones security-zone Trusted host-inbound-traffic system-services all
set routing-instances ISP1-RI instance-type virtual-router
set routing-instances ISP1-RI interface reth0.0
set routing-instances ISP1-RI routing-options static route 0.0.0.0/0 next-hop 192.168.2.1
set routing-instances ISP2-RI instance-type virtual-router
set routing-instances ISP2-RI interface reth1.0
set routing-instances ISP2-RI routing-options static route 0.0.0.0/0 next-hop 192.168.99.1
set firewall family inet filter fbf-isp term lan1-to-isp1 from source-address 172.16.22.0/23
set firewall family inet filter fbf-isp term lan1-to-isp1 then routing-instance ISP1-RI
set firewall family inet filter fbf-isp term lan2-to-isp2 from source-address 172.16.29.0/24
set firewall family inet filter fbf-isp term lan2-to-isp2 then routing-instance ISP2-RI
set firewall family inet filter fbf-isp term default then accept
set services rpm probe isp1-probe test ping-isp1 target address 192.168.2.1
set services rpm probe isp1-probe test ping-isp1 probe-count 3
set services rpm probe isp1-probe test ping-isp1 probe-interval 5
set services rpm probe isp1-probe test ping-isp1 test-interval 10
set services rpm probe isp1-probe test ping-isp1 next-hop 192.168.2.1
set services rpm probe isp1-probe test ping-isp1 source-address 192.168.2.194
set services rpm probe isp1-probe test ping-isp1 routing-instance ISP1-RI
set services rpm probe isp1-probe test ping-isp1 thresholds successive-loss 3
set services rpm probe isp2-probe test ping-isp2 target address 192.168.99.1
set services rpm probe isp2-probe test ping-isp2 probe-count 3
set services rpm probe isp2-probe test ping-isp2 probe-interval 5
set services rpm probe isp2-probe test ping-isp2 test-interval 10
set services rpm probe isp2-probe test ping-isp2 next-hop 192.168.99.1
set services rpm probe isp2-probe test ping-isp2 source-address 192.168.99.199
set services rpm probe isp2-probe test ping-isp2 routing-instance ISP2-RI
set services rpm probe isp2-probe test ping-isp2 thresholds successive-loss 3
set security nat source pool ISP1-Pool address 192.168.2.194/32
set security nat source pool ISP2-Pool address 192.168.99.199/32
set security nat source rule-set Trusted-NAT-ISP1 from zone Trusted
set security nat source rule-set Trusted-NAT-ISP1 to zone Untrusted-ISP1
set security nat source rule-set Trusted-NAT-ISP1 rule corp-to-inet1 match source-address 172.16.22.0/23
set security nat source rule-set Trusted-NAT-ISP1 rule corp-to-inet1 match destination-address 0.0.0.0/0
set security nat source rule-set Trusted-NAT-ISP1 rule corp-to-inet1 then source-nat pool ISP1-Pool
set security nat source rule-set Trusted-NAT-ISP1 rule guest-to-inet1 match source-address 172.16.29.0/24
set security nat source rule-set Trusted-NAT-ISP1 rule guest-to-inet1 match destination-address 0.0.0.0/0
set security nat source rule-set Trusted-NAT-ISP1 rule guest-to-inet1 then source-nat pool ISP1-Pool
set security nat source rule-set Trusted-NAT-ISP2 from zone Trusted
set security nat source rule-set Trusted-NAT-ISP2 to zone Untrusted-ISP2
set security nat source rule-set Trusted-NAT-ISP2 rule corp-to-inet2 match source-address 172.16.22.0/23
set security nat source rule-set Trusted-NAT-ISP2 rule corp-to-inet2 match destination-address 0.0.0.0/0
set security nat source rule-set Trusted-NAT-ISP2 rule corp-to-inet2 then source-nat pool ISP2-Pool
set security nat source rule-set Trusted-NAT-ISP2 rule guest-to-inet2 match source-address 172.16.29.0/24
set security nat source rule-set Trusted-NAT-ISP2 rule guest-to-inet2 match destination-address 0.0.0.0/0
set security nat source rule-set Trusted-NAT-ISP2 rule guest-to-inet2 then source-nat pool ISP2-Pool
set security policies from-zone Trusted to-zone Untrusted-ISP1 policy allow-all match source-address any
set security policies from-zone Trusted to-zone Untrusted-ISP1 policy allow-all match destination-address any
set security policies from-zone Trusted to-zone Untrusted-ISP1 policy allow-all match application any
set security policies from-zone Trusted to-zone Untrusted-ISP1 policy allow-all then permit
set security policies from-zone Trusted to-zone Untrusted-ISP2 policy allow-all match source-address any
set security policies from-zone Trusted to-zone Untrusted-ISP2 policy allow-all match destination-address any
set security policies from-zone Trusted to-zone Untrusted-ISP2 policy allow-all match application any
set security policies from-zone Trusted to-zone Untrusted-ISP2 policy allow-all then permit
set event-options policy isp1-fail events rpm-probe-failure
set event-options policy isp1-fail attributes-match rpm-probe-failure.test-owner matches isp1-probe
set event-options policy isp1-fail then change-configuration commands "delete firewall family inet filter fbf-isp term lan1-to-isp1 then routing-instance ISP1-RI"
set event-options policy isp1-fail then change-configuration commands "set firewall family inet filter fbf-isp term lan1-to-isp1 then routing-instance ISP2-RI"
set event-options policy isp1-fail then change-configuration commands "commit"
set event-options policy isp1-recover events rpm-probe-recovery
set event-options policy isp1-recover attributes-match rpm-probe-recovery.test-owner matches isp1-probe
set event-options policy isp1-recover then change-configuration commands "delete firewall family inet filter fbf-isp term lan1-to-isp1 then routing-instance ISP2-RI"
set event-options policy isp1-recover then change-configuration commands "set firewall family inet filter fbf-isp term lan1-to-isp1 then routing-instance ISP1-RI"
set event-options policy isp1-recover then change-configuration commands "commit"
set event-options policy isp2-fail events rpm-probe-failure
set event-options policy isp2-fail attributes-match rpm-probe-failure.test-owner matches isp2-probe
set event-options policy isp2-fail then change-configuration commands "delete firewall family inet filter fbf-isp term lan2-to-isp2 then routing-instance ISP2-RI"
set event-options policy isp2-fail then change-configuration commands "set firewall family inet filter fbf-isp term lan2-to-isp2 then routing-instance ISP1-RI"
set event-options policy isp2-fail then change-configuration commands "commit"
set event-options policy isp2-recover events rpm-probe-recovery
set event-options policy isp2-recover attributes-match rpm-probe-recovery.test-owner matches isp2-probe
set event-options policy isp2-recover then change-configuration commands "delete firewall family inet filter fbf-isp term lan2-to-isp2 then routing-instance ISP1-RI"
set event-options policy isp2-recover then change-configuration commands "set firewall family inet filter fbf-isp term lan2-to-isp2 then routing-instance ISP2-RI"
set event-options policy isp2-recover then change-configuration commands "commit"
"
------------------------------
TAYO DADA
------------------------------