Channel: All ScreenOS Firewalls (NOT SRX) posts

How to set monitor with track ip bidirectional


Our topology is as follows:

 

lan: 192.168.1.1-->SSG1-->(e0/0)WAN:118.163.40.37<--Internet-->124.12.151.186(WAN)<-->SSG2<-LAN:192.168.10.1   

                                              --->(e0/6)DMZ:172.31.106.74<---MPLS--->172.31.154.178(DMZ)

 

SSG2 has two static routes to 192.168.1.0:

set route 192.168.1.0/24 interface ethernet0/6 gateway 172.31.154.177 (primary route is through DMZ)

set route 192.168.1.0/24 interface tunnel.2 preference 30 metric 10 (Secondary route is through WAN by IPsec)

SSG1 has the same route rules as above to 192.168.10.0.

 

First, I set the monitor on e0/6 of SSG2 as follows:

set interface ethernet0/6 monitor track-ip ip
set interface ethernet0/6 monitor track-ip threshold 55
set interface ethernet0/6 monitor track-ip weight 50
set interface ethernet0/6 monitor track-ip ip 192.168.1.1 interval 2
set interface ethernet0/6 monitor track-ip ip 192.168.1.1 weight 60
unset interface ethernet0/6 monitor track-ip dynamic
set interface ethernet0/6 monitor threshold 40

 

When I disable the DMZ interface on SSG1, the traffic to 192.168.1.1 goes through the secondary route; when I then enable the DMZ interface on SSG1 again, the traffic to 192.168.1.1 changes back to the primary route.

 

Second, I set the same monitor rules on e0/6 of SSG1 as follows:

set interface ethernet0/6 monitor track-ip ip
set interface ethernet0/6 monitor track-ip threshold 55
set interface ethernet0/6 monitor track-ip weight 50
set interface ethernet0/6 monitor track-ip ip 192.168.10.1 interval 2
set interface ethernet0/6 monitor track-ip ip 192.168.10.1 weight 60
unset interface ethernet0/6 monitor track-ip dynamic
set interface ethernet0/6 monitor threshold 40

 

When I disable the DMZ interface on SSG2, the traffic to 192.168.10.1 goes through the secondary route, but when I enable the DMZ interface on SSG2 again, this interface is always "down". If I remove the monitor rule, this interface will be "up". Why?

 

Who could help me with how to set bidirectional track-ip monitoring for this topology? Thanks.

