
Handling ISP-level WAN failover

Hi,

My network service provider supplies me with a 100Mbps fibre link and a 15Mbps EFM link. The former is presented via a Juniper SRX210 router, the latter via a Juniper SRX100.

The links are configured by the carrier as active/standby. In event of failure of the fibre, failover of gateway/external IPs is automatic. The EFM will come online and apart from some dropped packets and voice calls, it's more or less transparent to us, in theory.

I have a pair of Sophos SG330s, in high availability mode. At present, only the fibre is connected to the pair. I'm using two ports on the SRX210, one to each of the eth1 SG330 ports. The eth1 interface is configured as a standard ethernet port - an IPv4 address with a /27 mask and a default gateway that corresponds to the SRX210.

Looking through the documentation, I can see plenty about the SG330 handling failover between two or more live links. But I don't see anything about how the firewall would handle an active/standby pair of WAN connections, when the IP configuration on both would essentially be identical.

We don't have any network specialists in my company. I'm it. And to show my level of knowledge/ignorance, I don't really understand VRRP or BGP.

Background info: in addition to the active/standby circuits, we also have BT Infinity Premium (high speed fibre broadband), 4G and satellite broadband. These provide failover capacity in the event that we lose the primary AND secondary circuits.

Another point to note (probably not relevant): we operate an IPsec tunnel between this office and another.

So, my question: I'm ready to plug the EFM/SRX100 router into another physical port (eth6) on both firewalls, but I can't work out how then to configure that interface (and possibly reconfigure the other interface). Group? Bridge? VLAN?

Can anyone point me in the right direction?

Many thanks in advance.


Hello,

I know that 1.5 years have passed since you posted your question, but maybe it could work like this:

connect both uplink routers and one firewall to switch 1,

and then connect both routers and the other firewall to switch 2.

Don't touch the firewall's configuration (assuming you already have a working active-standby cluster).

Possible downside: fail-over will probably happen only after the ARP entries of the failed device have aged and are dropped from the switches' ARP tables...

(maybe you can configure ARP timeout on the switch to a low value like a minute or so?)

Regards,

Dennis
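Since both uplink routers present the same gateway IP, the only thing the firewall side sees during a failover is the gateway's ARP entry flipping from one router MAC to the other. The script below is an added example, not code from the thread or from Sophos: it reads timestamped `ip neigh show` snapshots from a Linux host on the WAN segment, reports which router now answers for the gateway and how long the gateway was unresolved (the blackout Dennis describes), and flags a MAC that belongs to neither router. The gateway IP, router MACs and snapshot lines are all constructed for the example.

```python
import re
from datetime import datetime
from typing import Optional

GATEWAY_IP = "203.0.113.1"  # assumed shared gateway IP (documentation range)
KNOWN_ROUTER_MACS = {         # assumed MACs, one per uplink router
    "00:11:22:33:44:01": "SRX210 (fibre, active)",
    "00:11:22:33:44:02": "SRX100 (EFM, standby)",
}

# Matches `ip neigh show` lines; FAILED/INCOMPLETE entries carry no lladdr.
NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>[0-9a-f:]{17}))? (?P<state>[A-Z]+)$"
)

def gateway_mac(neigh_output: str) -> Optional[str]:
    """Return the MAC currently bound to the gateway IP, or None if unresolved."""
    for line in neigh_output.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m and m.group("ip") == GATEWAY_IP and m.group("state") not in ("FAILED", "INCOMPLETE"):
            return m.group("mac")
    return None

def gateway_transitions(snapshots):
    """snapshots: list of (ISO timestamp, `ip neigh show` text) in time order.
    One record per change of the gateway MAC, with the blackout window: time
    from the last snapshot that resolved the old MAC to the first with the new one."""
    events, prev_mac, prev_seen = [], None, None
    for ts, text in snapshots:
        t, mac = datetime.fromisoformat(ts), gateway_mac(text)
        if mac is None:
            continue  # gateway still unresolved; keep waiting
        if prev_mac is not None and mac != prev_mac:
            events.append({"at": ts, "from": prev_mac, "to": mac,
                           "router": KNOWN_ROUTER_MACS.get(mac, "UNKNOWN MAC - investigate"),
                           "blackout_s": (t - prev_seen).total_seconds()})
        prev_mac, prev_seen = mac, t
    return events

SNAPSHOTS = [  # constructed sample: 30 s polling, fibre router fails at ~10:00:45
    ("2024-01-01T10:00:00", "203.0.113.1 dev eth1 lladdr 00:11:22:33:44:01 REACHABLE\n"
                            "203.0.113.30 dev eth1 lladdr 00:11:22:33:44:99 STALE"),
    ("2024-01-01T10:00:30", "203.0.113.1 dev eth1 lladdr 00:11:22:33:44:01 STALE"),
    ("2024-01-01T10:01:00", "203.0.113.1 dev eth1 FAILED"),
    ("2024-01-01T10:01:30", "203.0.113.1 dev eth1 FAILED"),
    ("2024-01-01T10:02:00", "203.0.113.1 dev eth1 lladdr 00:11:22:33:44:02 REACHABLE"),
]

if __name__ == "__main__":
    for event in gateway_transitions(SNAPSHOTS):
        print(event)  # one record: SRX210 -> SRX100, blackout 90 s
```

In production, replace `SNAPSHOTS` with periodic captures of `ip neigh show dev <wan-if>`; a transition to an unknown MAC is worth treating as a possible ARP spoofing incident rather than a failover.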