Unless I misundertsand what you are trying to accomplish you should be able to enable ISP redundancy in the firewall configuration without buying an F5 or Radware box. This feature is free but not yet availible for the Nokia platform. Are you attempting to load balance or is this just HA ?
On 6/13/05, . security <[EMAIL PROTECTED]> wrote: > "ISP redundancy" > > Something along the lines of an F5 or Radware box? Yes that has been > considered. > > Plumbing two ISPs right into our existing firewall will surely come up, I > want to make sure > my fact are indeed correct before I shoot it down :) > > Simply put I need to justify the need for an additional firewall for the new > ISP connection vs > using the current FW infrastructure. > > >From: Scott Tobias <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[email protected]> > >To: [email protected] > >Subject: Re: [FW-1] Redundant ISPs [single POF/route issue] > >Date: Mon, 13 Jun 2005 13:09:57 -0400 > > > >Maybe I am missing something but is there a reason you can't use ISP > >redundancy ? > > > >On 6/13/05, Hal Dorsman <[EMAIL PROTECTED]> wrote: > > > To get ISP redundancy you need to use BGP and get an Autonomous System > > > number. You will need to coordinate this with both ISPs, and you will > > > need a pretty beefy router capable of handling the BGP routing tables. > > > Yes, your FW would still be a single pof, but at least you have control > > > over that and can have at least a cold standby. > > > > > > Hal > > > > > > -----Original Message----- > > > From: . security [mailto:[EMAIL PROTECTED] > > > Sent: Monday, June 13, 2005 9:32 AM > > > To: [email protected] > > > Subject: [FW-1] Redundant ISPs [single POF/route issue] > > > > > > > > > We are considering adding an additional ISP for redundancy purposes, > > > would it make an sense to plumb a second Internet connection into an > > > existing > > > infrastructure? [see ASCII art below] > > > > > > This infrastructure already has a working internet connection [isp1] my > > > guess it would create more problems that it would solve. > > > > > > Off the top of my head, I've come up with these reasons not too: > > > -potential routing issue [asynchronous, confusion on the best route to > > > the > > > internet] > > > -failpoint, redundancy on the ISPs but the firewall are still a single > > > P.O.F -complex route tables on the firewall > > > > > > > > > internet[isp1] internet[isp2] > > > | | > > > [**********firewall***********]--------------------------|DMZ > > > | > > > | > > > internal network > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > ================================================= > > > To set vacation, Out-Of-Office, or away messages, > > > send an email to [EMAIL PROTECTED] > > > in the BODY of the email add: > > > set fw-1-mailinglist nomail > > > ================================================= > > > To unsubscribe from this mailing list, > > > please see the instructions at > > > http://www.checkpoint.com/services/mailing.html > > > ================================================= > > > If you have any questions on how to change your > > > subscription options, email > > > [EMAIL PROTECTED] > > > ================================================= > > > > > > >================================================= > >To set vacation, Out-Of-Office, or away messages, > >send an email to [EMAIL PROTECTED] > >in the BODY of the email add: > >set fw-1-mailinglist nomail > >================================================= > >To unsubscribe from this mailing list, > >please see the instructions at > >http://www.checkpoint.com/services/mailing.html > >================================================= > >If you have any questions on how to change your > >subscription options, email > >[EMAIL PROTECTED] > >================================================= > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
