ISP Failover

After setting up the ISP information and priorities, you can selectively monitor a route in the untrust-vr that can trigger a failover to the next highest priority ISP (next lowest priority number) when the monitored route disappears from the untrust-vr routing table. When the failover to ISP 2 occurs, it does not necessarily mean that ISP 1 went down or failed. It means that a particular route that you want to access that is beyond ISP 1 became unavailable and you want the device to wait a specified number of seconds before giving up and calling the backup ISP.

You configure the device to automatically dial to an Internet Service Provider (ISP) account when failover to the serial interface occurs. You can configure up to four ISP connections.

To Configure an ISP

  1. On the Interface (ISP) page, enter the necessary information:

ISP Name: Enter a name that identifies the ISP.

Primary Number: Enter the primary phone number to access the ISP. If your modem uses tone dial by default, but you want to use pulse dial, precede the phone number with a P. If your modem uses pulse dial by default, but you want to use tone dial, precede the phone number with a T.

Alternative Number: Enter the alternative phone number to access the ISP.

Login Name: Enter the user login for the ISP account.

Login Password: Enter the user password for the ISP account.

Priority: Enter the priority of this ISP, relative to other ISPs that may be configured. A value of 1 is the highest priority. The priority number determines the order that ScreenOS uses in attempting the dial-up connection; ScreenOS dials up the ISP with the highest priority first.

  1. Click OK to save the settings. Click Apply to continue the ISP configuration.

The ISP Failover page allows you to configure the following failover options, click Apply when finished.

ISP Failover Settings:  The holddown field lets you specify the number of seconds to wait before initiating failover. The default value is 30 seconds; however, the valid range is between 1 and 300 seconds.

Setting the Failover route:

The Route option allows you to specify a route generated by a dynamic routing protocol, such as OSPF or BGP. The security device monitors the status of the interface in the virtual router.

IP Address/Netmask: The route IP address and Netmask

The None option is set by default. The device will not use a route to identify failover.