Cluster SRX and two ISPs



  • Just need a push in the right direction…

    Current situation: cluster attached to 2 switches (EX), having only one ISP. Port ge-0/0/0 attached to reth0.0
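    interfaces {
        /* physical WAN port, member of the redundant Ethernet interface */
        ge-0/0/0 {
            gigether-options {
                redundant-parent reth0;
            }
        }
        reth0 {
            redundant-ether-options {
                redundancy-group 1;
            }
            unit 0 {
                family inet {
                    address 87.87.1.250/29;
                }
            }
        }
    }
    routing-options {
        static {
            /* default route to the current ISP */
            route 0.0.0.0/0 next-hop 87.87.1.249;
        }
    }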

    Goal: 2 SRXs in a cluster, each connected to its own switch; port ge-0/0/0 (reth0.0) to switch port 2.

    Problem…
    We preferably do not(!) want to change the configuration part for the current line, meaning: we want to leave reth0.0 intact, because
    all zones are linked to this interface.

    I really have no idea how to approach this…
    Anyone any idea what command lines to enter or at least give me a start?

    Note
    We do not have free ports on the firewalls anymore…



  • Hey… some lines of the goal fell off 😞
    Let me rephrase the goal:

    We want to route VPN traffic to switch port 8 (ISP 2), while sending all other traffic (internet) via switch port 1 (ISP 2).
    But we can only use one WAN interface: ge-0/0/0
    We would like to keep the current transparent part as is, but use VLAN tagging for the VPN traffic to ISP1, so that it’s sent out of port 8.

    What is the best solution and how/what lines?



  • Something like this maybe???

    set interfaces reth0.0 unit 0 family ethernet-switching port-mode trunk
    set interfaces reth0.0 unit 0 family ethernet-switching vlan members 110
    set interfaces reth0.0 family ethernet-switching native-vlan-id 10
    set interfaces reth0.0 vlan-id 10 family inet address 87.87.1.250/29



  • @Peterv01:

    cluster attached to 2 switches (EX), having only one ISP. Port ge-0/0/0 attached to reth0.0

    With this I meant:
    We have a cluster with 2 SRX firewalls.
    Port ge-0/0/0 (reth0.0) of these FWs is attached to port 2 of the EX switches (WAN).
    On one of the switches only one ISP is attached (port 1)


 
