Hi
- For the ISP1 public servers, traffic should go out via ISP1, and for the ISP2 public servers via ISP2; then use FBF with forwarding instances or virtual routers. Make sure both routing instances have backup routes with a higher preference (this helps LAN traffic route to ISP2 if ISP1 is down, and the same for ISP2):
set routing-instances ISP1 routing-options static route 0.0.0.0/0 next-hop ISP1
set routing-instances ISP1 routing-options static route 0.0.0.0/0 qualified-next-hop ISP2 preference 200
- For the local subnet 192.168.100.0/24 to use ISP2 if ISP1 is down: first make a firewall filter as part of FBF and send the traffic from 192.168.100.0/24 to the ISP1 instance. For NAT, make two rule-sets for source NAT like below.
Assume 192.168.100.0/24 is in the Trust zone, the ISP1 interface is in the ISP1 zone and the ISP2 interface is in the ISP2 zone:
set security nat source rule-set ISP-1 from zone Trust
set security nat source rule-set ISP-1 to zone ISP-1
set security nat source rule-set ISP-1 rule rule1 match source-address 192.168.100.0/24
set security nat source rule-set ISP-1 rule rule1 match destination-address 0.0.0.0/0
set security nat source rule-set ISP-1 rule rule1 then source-nat interface
set security nat source rule-set ISP-2 from zone Trust
set security nat source rule-set ISP-2 to zone ISP-2
set security nat source rule-set ISP-2 rule rule1 match source-address 192.168.100.0/24
set security nat source rule-set ISP-2 rule rule1 match destination-address 0.0.0.0/0
set security nat source rule-set ISP-2 rule rule1 then source-nat interface
HTH
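The FBF filter and forwarding instances the reply describes, written out as an added example (not part of the reply above). It assumes constructed next-hop addresses 203.0.113.1 (ISP1) and 198.51.100.1 (ISP2), the LAN on ge-0/0/0.0, and the NAT rule-sets and zone policies from the reply already in place.

```junos
## Forwarding instances with a primary default route and a backup at preference 200
set routing-instances ISP1 instance-type forwarding
set routing-instances ISP1 routing-options static route 0.0.0.0/0 next-hop 203.0.113.1
set routing-instances ISP1 routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 200
set routing-instances ISP2 instance-type forwarding
set routing-instances ISP2 routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
set routing-instances ISP2 routing-options static route 0.0.0.0/0 qualified-next-hop 203.0.113.1 preference 200
## Forwarding instances have no interfaces of their own, so share the interface routes into them
set routing-options rib-groups FBF-RIB import-rib inet.0
set routing-options rib-groups FBF-RIB import-rib ISP1.inet.0
set routing-options rib-groups FBF-RIB import-rib ISP2.inet.0
set routing-options interface-routes rib-group inet FBF-RIB
## FBF filter: steer 192.168.100.0/24 into the ISP1 instance, everything else follows inet.0
set firewall family inet filter FBF term LAN-TO-ISP1 from source-address 192.168.100.0/24
set firewall family inet filter FBF term LAN-TO-ISP1 then routing-instance ISP1
set firewall family inet filter FBF term DEFAULT then accept
## Apply the filter on the LAN-facing interface (ingress direction)
set interfaces ge-0/0/0 unit 0 family inet filter input FBF
```

The qualified-next-hop backup only takes over when the primary next-hop becomes unreachable (for example the ISP1 interface goes down); an upstream failure with the link still up needs RPM probes with ip-monitoring to withdraw the primary route.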