How to organise two Untrust connections
pylnov last edited by
I have device SSG 140.
Prompt how to organise two Untrust connections?
It is necessary, that only one constantly worked Untrust connection, and the second Untrust connection joined in a case if the first ceases to work.
jonas-itp last edited by
If you are using two seperate internet connections, you need create one default routes for each internet connections. Deffine the primary connections with the lowest Preference.
Set up Track-ip on the primary interface against your default gateway on that interface.
If the firewall ip-track threshold fails, your firewall will tage your primary interface and routes on the interface down, and then use the default route on the other internet connection.
Jonas Ø. Pedersen
Juniper networks specialist
(Juniper - Master of systems Engineering Award 2010)
EX, SSG, SRX, UAC, and SA
ivan78 last edited by
Translated with prompt?
From what kind of failure you are trying to protect?
If you connected to two different switches in the same broadcast domain and you need L1 failover then you may configure redundant group.
First you declare an interface and bind it to Untrust zone:
set interface red1 zone untrust
Then assign physical interfaces to redundant group:
set int ethernet0/0 group red1
set int ethernet0/1 group red1
set interface red1 primary ethernet0/0
Then configure IP address for redundant group
set interface red1 ip ad.d.re.ss/mask