RE: Firewall with Dual ISP's

Fri, 12 Nov 1999 16:37:43 -0800 

Peter,

Firewall-1 without additional packages doesnt really differentiate between
multiple network links. The FireWall-1 Connect Control Module will allow you
to do hot failover and load balancing between two machines, and that might
be a better solution. Base FireWall-1 is really designed to work with a
single external interface. It is possible to use FireWall-1 without the
connect control model with multiple gateways, but I wouldn't really
recommend it. 

If you do choose to do so I would highly recommend you use a solaris or AIX
solution. They both handle multiple gateways much better than NT. A better
solution may be to handle the multiple network links at your internal
router, and manage your routers acl's and packet filetering functionality
with FireWall-1 to isolate the two ISP's so your router wont act as a relay
between them. This way you dont necessarily need additional modules for your
firewall, and your routing is greatly simplified. I would still recommend
using a UNIX based firewall as it is a more appropriate security platform,
but it would be feasible to implement this kind of solution with NT.

Christopher Dinsmore
CCSA CCSE NCSA MCSE
===========================
Netegrity Technical Support
[EMAIL PROTECTED]
781-890-1700
===========================

-----Original Message-----
From: Watson, Peter [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 12, 1999 2:56 PM
To: '[EMAIL PROTECTED]'
Subject: Firewall with Dual ISP's





> We are looking at implementing at a dual ISP solution that will be
> connected to a Checkpoint firewall. There is some documentation on the web
> for redundant links such as a Cisco's HSRP and multi-node load balancing.
> But this is not really what am I looking for. I am more interested in the
> mechanics of how the firewall will handle two ISP links. How does it
> diffrentiate the traffic coming from two different routers. How is the
> concept of dual ISP's handled from an internet DNS and routing protocols.
> Has anybody implemented a dual ISP solution where both of the links are
> active at the same time. If anybody has any links, documentation,
> expereince they would like to share it would be greatly appreciated. 
> 
> Peter Watson
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to