The goal wasn't for redundancy per se, more for load sharing. Our current internet pipe is saturated, the short term goal is to move all VPN related traffic [remote users and tunnels] over to a new dedicated firewall and different ISP.
With that said, I cannot see the gain if only one firewall was used with the only change being a second Internet connection.
Does that make sense?
From: "Kim, Cameron" <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: Re: [FW-1] Redundant ISPs [single POF/route issue]
Date: Mon, 13 Jun 2005 14:04:17 -0700
Another option is to run BGP inbound and HSRP outbound, with different
prefs for each subnet (subnet X pref is isp1, subnet Y pref is isp2)
Cameron Kim
-----Original Message-----
From: . security [mailto:[EMAIL PROTECTED]
Sent: Monday, June 13, 2005 8:32 AM
To: [email protected]
Subject: [FW-1] Redundant ISPs [single POF/route issue]
We are considering adding an additional ISP for redundancy purposes, would it make any sense to plumb a second Internet connection into an existing infrastructure? [see ASCII art below]
This infrastructure already has a working internet connection [isp1], my guess is it would create more problems than it would solve.
Off the top of my head, I've come up with these reasons not to:
-potential routing issue [asynchronous, confusion on the best route to the internet]
-failpoint, redundancy on the ISPs but the firewall is still a single P.O.F
-complex route tables on the firewall
internet[isp1]    internet[isp2]
      |                 |
[**********firewall***********]--------------------------|DMZ
               |
               |
        internal network
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================