Another option is to run BGP inbound and HSRP outbound, with different prefs for each subnet (subnet X pref is isp1, subnet Y pref is isp2)
Cameron Kim -----Original Message----- From: . security [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 8:32 AM To: [email protected] Subject: [FW-1] Redundant ISPs [single POF/route issue] We are considering adding an additional ISP for redundancy purposes, would it make an sense to plumb a second Internet connection into an existing infrastructure? [see ASCII art below] This infrastructure already has a working internet connection [isp1] my guess it would create more problems that it would solve. Off the top of my head, I've come up with these reasons not too: -potential routing issue [asynchronous, confusion on the best route to the internet] -failpoint, redundancy on the ISPs but the firewall are still a single P.O.F -complex route tables on the firewall internet[isp1] internet[isp2] | | [**********firewall***********]--------------------------|DMZ | | internal network ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
