How to organise two Untrust connections



  • I have device SSG 140.
    Prompt how to organise two Untrust connections?
    It is necessary, that only one constantly worked Untrust connection, and the second Untrust connection joined in a case if the first ceases to work.



  • Hi.

    If you are using two seperate internet connections, you need create one default routes for each internet connections. Deffine the primary connections with the lowest Preference.
    Set up Track-ip on the primary interface against your default gateway on that interface.

    If the firewall ip-track threshold fails, your firewall will tage your primary interface and routes on the interface down, and then use the default route on the other internet connection.

    Best regards
    Jonas Ø. Pedersen

    Juniper networks specialist
    (Juniper - Master of systems Engineering Award 2010)
    EX, SSG, SRX, UAC, and SA

    www.itplaneten.dk / www.jnpr.dk



  • Hi Pylnov

    Translated with prompt? 🙂

    From what kind of failure you are trying to protect?
    If you connected to two different switches in the same broadcast domain and you need L1 failover then you may configure redundant group.

    First you declare an interface and bind it to Untrust zone:

    set interface red1 zone untrust

    Then assign physical interfaces to redundant group:

    set int ethernet0/0 group red1
    set int ethernet0/1 group red1
    set interface red1 primary ethernet0/0

    Then configure IP address for redundant group

    set interface red1 ip ad.d.re.ss/mask

    Ivan.


 

21
Online

38.4k
Users

12.7k
Topics

44.5k
Posts