Unfortunately the firewall does not have this capability. From the man page of the 'cf static' command (the command to edit static routes):
$> man cf_static
Once a backup route is configured, the ispd daemon monitors the state and status of the default route. If a loss of connectivity is detected the ISP daemon will change the default route to the backup default route. When the default route becomes available again, the administrator may initiate a switch back to it by use of the cf static reset_default command. No automatic fail-back will be performed.
You cannot configure the firewall to automatically fail-back to using the default route when it becomes available again, unfortunately.
May be, May it to do somewhere else? May be, I have to use any protocol of Dinamic Routing?
Dynamic routing is a much, much, much more complicated setup than simply switching back to your 'regular' default route when it becomes available. If you do not have any experience with dynamic routing I do not recommend using it. What you are trying to do also will not work with dynamic routing unless there is some other device outside your firewall that knows when your default route 'goes down' and can then send you a new default route (basically). This would require you to setup dynamic routing on some other device along with your Sidewinder.
Here's how I'd do this:
Monitor the different connections using your favorite monitoring tool (I prefer Icinga/Nagios).
When the primary connectivity becomes available again launch a short expect script on the monitoring host which issue the cf static reset_default command.
Thank you everybody. But I have another question. Why I get "operation not permitted" if I try to use "cf" command in console of Operation System? I try to add static route. I ran either other command, but my result was the same.
I have the account "Admin" with GID=0 This account was created during installing MFE. I do not know root password, but "Admin" account must have full access.
What do I wrong?
Type 'srole' on the command-line to go to the 'super-user' account (if you can call it that).