To balance the load in Juniper firewalls between SSG 20 and ADSL, one can force one network, say network A on trust, to pass through ISP 1 with metric 1 and through ISP 2 with metric 2 for failover. Next, have the other network, B on DMZ, pass through ISP 2 with metric 1 and through ISP 1 with metric 2 for failover. You need to monitor each ISP gateway IP so that if one ISP is down, all your traffic is switched through the other ISP.
For example:
set interface ethernet0/0 monitor track-ip ip
set interface ethernet0/0 monitor track-ip threshold 10
set interface ethernet0/0 monitor track-ip ip "gw to ISP1" interval 3
set interface ethernet0/0 monitor track-ip ip "gw to ISP1" threshold 10
set interface ethernet0/1 monitor track-ip ip
set interface ethernet0/1 monitor track-ip threshold 10
set interface ethernet0/1 monitor track-ip ip "gw to ISP2" interval 3
set interface ethernet0/1 monitor track-ip ip "gw to ISP2" threshold 10
OR
If you have one flat network, say 10.1.1.0/24, then you can divide that into four /27 networks: 10.1.1.0/27, 10.1.1.32/27, 10.1.1.64/27, 10.1.1.96/27 and 10.1.1.128/27.
a) You can route all traffic coming from 10.1.1.0/27 and 10.1.1.64/27 to ISP1 with metric 1 and also ISP2 with metric 2 (for failover)
b) You can route all traffic coming from 10.1.1.32/27 and 10.1.1.128/27 to ISP2 with metric 1 and also ISP1 with metric 2 (for failover)
Note: Refer to "How to Configure Source Based Routing and Source Interface Based Routing" for configuring source-based routing.
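A check for the failover layout described above, added here as an example (not from the original post or from Juniper): it scans a ScreenOS-style config and flags source prefixes whose primary and backup routes leave through the same interface, or whose gateway has no track-ip probe. The sample config is constructed; the `route source ... metric` line format and the gateway addresses are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample config. The "route source" syntax and the gateway
# addresses (documentation ranges) are assumptions, not taken from the page.
SAMPLE_CONFIG = """\
set interface ethernet0/0 monitor track-ip ip 192.0.2.1 interval 3
set interface ethernet0/1 monitor track-ip ip 198.51.100.1 interval 3
set vrouter trust-vr route source 10.1.1.0/27 interface ethernet0/0 gateway 192.0.2.1 metric 1
set vrouter trust-vr route source 10.1.1.0/27 interface ethernet0/1 gateway 198.51.100.1 metric 2
set vrouter trust-vr route source 10.1.1.32/27 interface ethernet0/1 gateway 198.51.100.1 metric 1
set vrouter trust-vr route source 10.1.1.32/27 interface ethernet0/1 gateway 198.51.100.1 metric 2
"""

ROUTE_RE = re.compile(
    r"^set vrouter \S+ route source (\S+) interface (\S+) gateway (\S+) metric (\d+)$")
TRACK_RE = re.compile(r"^set interface (\S+) monitor track-ip ip (\S+) interval \d+$")


def audit_failover(config):
    """Return a sorted list of findings for source routes lacking real failover."""
    routes = defaultdict(list)   # source prefix -> [(metric, interface, gateway)]
    tracked = set()              # (interface, gateway) pairs probed by track-ip
    for line in config.splitlines():
        line = line.strip()
        if m := ROUTE_RE.match(line):
            prefix = ipaddress.ip_network(m.group(1))  # rejects malformed prefixes
            routes[prefix].append((int(m.group(4)), m.group(2), m.group(3)))
        elif m := TRACK_RE.match(line):
            tracked.add((m.group(1), m.group(2)))
    findings = []
    for prefix, entries in routes.items():
        if len({iface for _, iface, _ in entries}) < 2:
            findings.append(f"{prefix}: all routes use one interface, no failover path")
        if len({metric for metric, _, _ in entries}) < len(entries):
            findings.append(f"{prefix}: duplicate metrics, primary path is ambiguous")
        for _, iface, gw in entries:
            if (iface, gw) not in tracked:
                findings.append(f"{prefix}: gateway {gw} on {iface} is not tracked")
    return sorted(set(findings))


if __name__ == "__main__":
    for finding in audit_failover(SAMPLE_CONFIG):
        print(finding)
```

In the sample, 10.1.1.32/27 has both of its routes on ethernet0/1, so losing that ISP leaves the subnet with no working path even though a metric 2 route exists.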
Source: Juniper Forums