"ISP redundancy"
Something along the lines of an F5 or Radware box? Yes that has been
considered.
Plumbing two ISPs right into our existing firewall will surely come up, I
want to make sure
my fact are indeed correct before I shoot it down :)
Simply put I need to justify the need for an additional firewall for the new
ISP connection vs
using the current FW infrastructure.
From: Scott Tobias <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Redundant ISPs [single POF/route issue]
Date: Mon, 13 Jun 2005 13:09:57 -0400
Maybe I am missing something but is there a reason you can't use ISP
redundancy ?
On 6/13/05, Hal Dorsman <[EMAIL PROTECTED]> wrote:
> To get ISP redundancy you need to use BGP and get an Autonomous System
> number. You will need to coordinate this with both ISPs, and you will
> need a pretty beefy router capable of handling the BGP routing tables.
> Yes, your FW would still be a single pof, but at least you have control
> over that and can have at least a cold standby.
>
> Hal
>
> -----Original Message-----
> From: . security [mailto:[EMAIL PROTECTED]
> Sent: Monday, June 13, 2005 9:32 AM
> To: [email protected]
> Subject: [FW-1] Redundant ISPs [single POF/route issue]
>
>
> We are considering adding an additional ISP for redundancy purposes,
> would it make an sense to plumb a second Internet connection into an
> existing
> infrastructure? [see ASCII art below]
>
> This infrastructure already has a working internet connection [isp1] my
> guess it would create more problems that it would solve.
>
> Off the top of my head, I've come up with these reasons not too:
> -potential routing issue [asynchronous, confusion on the best route to
> the
> internet]
> -failpoint, redundancy on the ISPs but the firewall are still a single
> P.O.F -complex route tables on the firewall
>
>
> internet[isp1] internet[isp2]
> | |
> [**********firewall***********]--------------------------|DMZ
> |
> |
> internal network
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
