ScreenOS Configure Backup Internet for Failover

Product: ScreenOS
Version: 6.0 and higher

Network Topology

Two firewall interfaces are configured in the untrust zone, one for each internet service provider: ethernet0/0 and ethernet0/1.

Description:

You can set up a second internet service as a backup line for use when the primary line fails. This uses the interface backup and track-ip features of ScreenOS 6, which perform the failover automatically during an outage. This example assumes that ethernet0/0 is the current primary interface and ethernet0/1 is the new service interface.

Configuration:

Set up the new service interface

Add the IP address and untrust zone to ethernet0/1, or set up DHCP on this interface for the new carrier.

If this is a static configuration, add the second default route to the carrier-provided address out ethernet0/1. With DHCP this route is added automatically.

Establish the backup and primary interfaces

Web

Network–Interfaces–Backup

Select Primary interface ethernet0/0
Select Backup interface ethernet0/1
Select Track-ip

Hit Apply

CLI

set interface ethernet0/0 backup interface ethernet0/1 type track-ip

Set up Track-ip Monitoring to detect failure

Create the track-ip on interface ethernet0/0. This is an internet IP address that the interface pings; when the interface can no longer ping it, the interface is considered down. A good choice is the service provider DNS server for this line.

Web

Network–Interfaces–List

Edit ethernet0/0
Monitor tab

Select enable track-ip
Hit Apply

Hit Add Monitor track ip
Enter IP address to ping (Carrier DNS)

CLI

set interface ethernet0/0 monitor track-ip ip
set interface ethernet0/0 monitor track-ip ip 1.1.1.1

Verification:

Look at the interface list and observe that the primary line is up and the backup interface is down. Disconnect the primary interface cable and observe the change in status on the interfaces.
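
Before pulling the cable, a saved copy of the configuration can be checked offline for the pieces this procedure depends on. The script below is an added example, not part of the original article or of ScreenOS. It treats the two track-ip lines as the article shows them, and it assumes the usual ScreenOS line forms for the static address, the DHCP client and the default route, which the article does not list. The sample configuration is constructed.

```python
import re

# Constructed sample (not from the original page); addresses are documentation ranges.
SAMPLE_OK = """\
set interface ethernet0/1 zone Untrust
set interface ethernet0/1 ip 198.51.100.2/30
set route 0.0.0.0/0 interface ethernet0/1 gateway 198.51.100.1
set interface ethernet0/0 backup interface ethernet0/1 type track-ip
set interface ethernet0/0 monitor track-ip ip
set interface ethernet0/0 monitor track-ip ip 192.0.2.53
"""

IP = r"\d+\.\d+\.\d+\.\d+"
# Line forms for "static", "dhcp" and "route" are assumed; the page does not show them.
PATTERNS = {
    "pair": re.compile(r"set interface (\S+) backup interface (\S+) type track-ip$"),
    "enabled": re.compile(r"set interface (\S+) monitor track-ip ip$"),
    "target": re.compile(rf"set interface (\S+) monitor track-ip ip {IP}\b"),
    "static": re.compile(rf"set interface (\S+) ip {IP}/\d+"),
    "dhcp": re.compile(r"set interface (\S+) dhcp client enable$"),
    "route": re.compile(rf"set route 0\.0\.0\.0/0 interface (\S+) gateway {IP}"),
}

def check_failover(config):
    """Return a list of gaps that would stop the failover on this page from working."""
    seen = {name: [] for name in PATTERNS}
    for line in (raw.strip() for raw in config.splitlines()):
        for name, pattern in PATTERNS.items():
            match = pattern.match(line)
            if match:
                seen[name].append(match.groups())
    problems = []
    if not seen["pair"]:
        problems.append("no backup interface pair of type track-ip")
    for primary, backup in seen["pair"]:
        if (primary,) not in seen["enabled"]:
            problems.append(f"{primary}: track-ip monitoring not enabled")
        if (primary,) not in seen["target"]:
            problems.append(f"{primary}: no track-ip address to ping")
        if (backup,) in seen["dhcp"]:
            continue  # DHCP adds the default route automatically
        if (backup,) not in seen["static"]:
            problems.append(f"{backup}: no IP address or DHCP client")
        elif (backup,) not in seen["route"]:
            problems.append(f"{backup}: static IP but no default route")
    return problems

if __name__ == "__main__":
    for problem in check_failover(SAMPLE_OK) or ["configuration looks complete"]:
        print(problem)
```

An empty result means the backup pair, the track-ip target and the backup line's addressing and routing are all present; it does not show that the tracked address is actually reachable.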

References:

ScreenOS Concepts and Examples Guide
http://www.juniper.net/techpubs/software/screenos/screenos6.2.0/index.html
Volume 2 Fundamentals
Chapter 3 Interfaces
Configuring Backup Interfaces

Originally Posted May 22, 2011
Last Revised on May 22, 2011