I required help configuring of dual Internet links with Failover and load balancing on SSG-140.Right now we have a single ISP link on firewall for all inbound traffic of Emails and outbound traffic of internet via proxy server using same link.
We have decided to acquire second ISP link.
We want to achieve following.
- All outbound Emails and DNS queries for email routing from the mail servers should be sent via the ISP-1.
- In an event of ISP-1 Link is Down All the Outbound Emails and DNS Queries for email routing from the mail servers should go through ISP-2.
- All the Outbound Internet Access via Proxy server should go through ISP-2.
- In an event of ISP-2 Link is Down the Proxy server should route their requests via ISP-1.
- All inbound Traffic of (MIPs,VIP) should come to interface that is connected to ISP 1.
- In an Event of ISP1 failure all inbound traffic should come interface that is connected through ISP-2.
We will acquire separate live IP pools from both ISPs and configure MIPS and VIP on separately on both interfaces.
According to my R&D we can achieve point 1 to 4 through source base routing and track both isp1 and isp2 using IP tracking.
My question is that how I define route for MIP/VIP traffic that comes from internet how we achieve failover of MIP traffic in case of one link down???