Author Topic: Cluster SRX and two isp's  (Read 1452 times)

Peterv01

Cluster SRX and two isp's
« on: September 20, 2016, 05:30:21 am »
Just need a push in the right direction...

Current situation: cluster attached to 2 switches (EX), having only one ISP. Port ge-0/0/0 attached to reth0.0
interfaces {
    ge-0/0/0 {
        gigether-options {
            redundant-parent reth0;
        }
    }
    reth0 {
        redundant-ether-options {
            redundancy-group 1;
        }
        unit 0 {
            family inet {
                address 87.87.1.250/29;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 87.87.1.249;
    }
}

Goal: 2 SRX's in a cluster, each connected on their own switch; port ge-0/0/0 (reth 0.0) to switch-port 2.

Problem...
We preferably do not(!) want to change the configuration part for the current line, meaning: we want to leave reth0.0 intact, because
all zones are linked to this interface.

I really have no idea how to approach this...
Anyone any idea what command lines to enter or at least give me a start?

Note
We do not have free ports on the firewalls anymore...

Peterv01

Re: Cluster SRX and two isp's
« Reply #1 on: September 20, 2016, 05:34:49 am »
cluster attached to 2 switches (EX), having only one ISP. Port ge-0/0/0 attached to reth0.0

With this I meant:
We have a cluster with 2 SRX firewalls.
Port ge-0/0/0 (reth0.0) of these FWs is attached to port 2 of the EX switches (WAN)
On one of the switches only one ISP is attached (port 1)

Peterv01

Re: Cluster SRX and two isp's
« Reply #2 on: September 20, 2016, 06:10:18 am »
Something like this maybe???
============
set interfaces reth0.0 unit 0 family ethernet-switching port-mode trunk
set interfaces reth0.0 unit 0 family ethernet-switching vlan members 110
set interfaces reth0.0 family ethernet-switching native-vlan-id 10
set interfaces reth0.0 vlan-id 10 family inet address 87.87.1.250/29
============

Peterv01

Re: Cluster SRX and two isp's
« Reply #3 on: September 20, 2016, 01:30:28 pm »
Hey... some lines of the goal fell off :-(
Let me rephrase the goal:

We want to route VPN traffic to switch port 8 (ISP 2), while sending all other traffic (internet) via switch port 1 (ISP 2)
But we can only use one WAN interface: ge-0/0/0
We would like the current transparent part to remain as is, but use VLAN tagging for the VPN traffic to ISP1, so that it's sent out of port 8.

What is the best solution and how/what lines?