The ISP that our SA-2500 is connected to had problems over the weekend and the Juniper VPN was externally unreachable during that time. Does the SA-2500 support having two ISPs as the external port so in case one ISP goes down, the other ISP takes over and connectivity is assured?
If the SA-2500 does not support this, does another Juniper product support multi-homing on the external port.
i think i understand what youa re trying to do but i do not think Juniper is able to do this as there is one external Port and One internal port.
So the proper way of doing this will be to have two SA devices on two diffrent ISPs and use a DNS load balancer to send traffic to one or both SAs.
What you are trying to do is combine two ISPs and we did this long time ago for a diffrent system. I think we used normal cisco routers for this and initially let the router monitor the routes and if the primary went down the traffic failed over to the 2ndary ISP and it started to broad cast our IP addresses.
If you have your own internet-routable subnet, you could put the external interface of the SA2500 on a LAN with this subnet, and advertise the subnet route into both ISPs.
Alternatively, you might be able to do much the same thing by using an RFC1918 subnet, and NATing the RFC1918 address of the SA2500 into the address space of both ISPs. I'm not a routing specialist by any means, but there might be some way to do that.
Or, maybe simplest, buy another SA2500 with a cluster license, configure a cluster as active-active, and have redundancy for the ISP and for the SA.