Hi Ogos,
Let me see if I got your scenery: You have 2 border routers, each with
one BGP link. The "internal" interface of both routers will be on the
same LAN as the external interface of your firewall. I'm assuming that
all IP blocks you have belong to your AS.
So, there's a suggestion:
- Announce all the IP blocks of your AS via BGP on both border gateways;
- Create static routes on both of your border gateways to the
not-directly-connected blocks, using your firewall as the next hop;
- Configure HSRP or VRRP between your border gateways, and point the
default gateway of your firewall to the virtual address.
This does not cover any need on load balancing, but may be OK if the
only requirement is redundancy.
--
Zenari
Ogos Sixtynine wrote:
Hello Everyone,
Finally, we are in the process of implementing Internet redundancy using BGP routers in
front of our current Checkpoint Cluster SPLAT NGXR65, the BGP routers configuration will
be done by an external company using CISCO routers. We already have the AS numbers and
the second Internet connection but "I am having difficulty conceptualizing" how
the Checkpoint Cluster will be handling the new set of IP address belonging to the 2nd
Internet connection.
Currently, there is only 1 (one) external interface defined on the cluster that
handle the traffic to the first internet connection also using this Interface
as default gateway to the external world or Internet.
Here is the part I am confused about Checkpoint....
In order to start migrating VPN connections to 2nd Internet connection, dont I
need to define a second external Interface on the cluster?
If not, then how can I assign multiple IP address scheme on differenet subnets
to the same interface?
Maybe I am missing something really simple but i cant get over this mental
block.
Thanks all for the replies...
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.339 / Virus Database: 270.12.65/2171 - Release Date: 06/12/09 05:55:00
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
