Your first step will be to move the current outside address OFF of the cluster to the BGP router that faces that ISP. The outside address for the other ISP will go on the other BGP router. The outside interface for the cluster will have a new address on a small segment that connects it to the inside interfaces of both routers. Your firewall policies shouldn't know or care which ISP delivered a given packet to you -- all the cluster cares about is that it arrived from the Internet.
David Gillett > -----Original Message----- > From: Ogos Sixtynine [mailto:[email protected]] > Sent: Friday, June 12, 2009 6:37 AM > To: [email protected] > Subject: [FW-1] Internet redundancy using BGP routers in > front of CHeckpointCluster....NGXR65 > > Hello Everyone, > > Finally, we are in the process of implementing Internet > redundancy using BGP routers in front of our current > Checkpoint Cluster SPLAT NGXR65, the BGP routers > configuration will be done by an external company using CISCO > routers. We already haveĀ the AS numbers and the second > Internet connection but "I am having difficulty > conceptualizing" how the Checkpoint Cluster will be handling > the new set of IP address belonging to the 2nd Internet connection. > > Currently, there is only 1 (one) external interface defined > on the cluster that handle the traffic to the first internet > connection also using this Interface as default gateway to > the external world or Internet. > > Here is the part I am confused about Checkpoint.... > > In order to start migrating VPN connections to 2nd Internet > connection, dont I need to define a second external Interface > on the cluster? > > If not, then how can I assign multiple IP address scheme on > differenet subnets to the same interface? > > Maybe I am missing something really simple but i cant get > over this mental block. > Thanks all for the replies... > > > > > > > > > > > ================================================= > To set vacation, Out-Of-Office, or away messages, send an > email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your subscription > options, email [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
