Hi guys, I'm wondering what the issue is with my setup:
LAN Segment => 1.1.1.0/24 => ge-0/0/0.0
DMZ Segment 1 => 5.5.4.0/26 => ge-0/0/5.0 (for ISP 1)
DMZ Segment 2 => 6.6.4.0/26 => ge-0/0/6.0 (for ISP 2)
ISP 1 =>
WAN Segment => 5.5.5.0/30 (5.1)
LAN Segment => 5.5.4.0/26 (4.1)
ISP 2 =>
WAN Segment => 6.6.6.0/30 (6.1)
LAN Segment => 6.6.4.0/26 (4.1)
Goals:
1.) Route 1.1.1.1-10 IPs to ISP 1 -> working via FBF
2.) Route the rest of 1.1.1.0/24 to ISP 2 -> working via FBF
Issue:
The connection is having timeouts from time to time on my DMZ servers. I'm not sure if a filter is needed, although they're both directly connected (the gateway of the DMZ servers is the SRX).
DMZ 1 servers ping the internet via ISP 1 --- intermittent RTOs
DMZ 2 servers ping the internet via ISP 2 -- intermittent RTOs
Is there any other way to check or verify why the issue is behaving this way?
Please see below the sample config for the FBF / routing instance.
Please have a look at my FBF below:
set routing-options static route 0.0.0.0/0 next-hop 5.5.5.1 (isp 1)
set routing-options static route 0.0.0.0/0 next-hop 6.6.6.1 (isp 2)
set firewall filter users term to-isp1 from source-address 1.1.1.10/32
set firewall filter users term to-isp1 from source-address 1.1.1.11/32
set firewall filter users term to-isp1 from source-address 1.1.1.12/32
set firewall filter users term to-isp1 from source-address 1.1.1.15/32
set firewall filter users term to-isp1 then log
set firewall filter users term to-isp1 then routing-instance isp1-fbf
set firewall filter users term to-isp2 from source-address 1.1.1.0/24
set firewall filter users term to-isp2 then routing-instance isp2-fbf
set firewall filter users term default then accept
set routing-options rib-groups isps import-rib inet.0
set routing-options rib-groups isps import-rib isp1-fbf.inet.0
set routing-options rib-groups isps import-rib isp2-fbf.inet.0
set routing-instances isp1-fbf instance-type forwarding
set routing-instances isp1-fbf routing-options interface-routes rib-group inet isps (I'm not sure this entry is needed)
set routing-instances isp1-fbf routing-options static route 0.0.0.0/0 next-hop 5.5.5.2 ( for isp 1)
set routing-instances isp1-fbf routing-options static route 0.0.0.0/0 qualified-next-hop 6.6.6.2 preference 30
set routing-instances isp2-fbf instance-type forwarding
set routing-instances isp2-fbf routing-options interface-routes rib-group inet isps (I'm not sure this entry is needed)
set routing-instances isp2-fbf routing-options static route 0.0.0.0/0 next-hop 6.6.6.2 ( for isp 2)
set routing-instances isp2-fbf routing-options static route 0.0.0.0/0 qualified-next-hop 5.5.5.2 preference 30
set interfaces ge-0/0/0 unit 0 family inet filter input users
For the DMZ,
it's just straightforward:
The DMZ servers' IPs are part of the ISP's WAN/LAN IP scheme (/30 on WAN and /26 on LAN).
Can anyone recommend anything peculiar about this config?
Thank you.