You won't happen to have a simple diagram of your setup for us to have a look at would you ? easy to visualise ...
Thanks! >From: Joe Pampel <[EMAIL PROTECTED]> >Reply-To: Mailing list for discussion of Firewall-1 ><[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] More than One ISP but One Firewall >Date: Wed, 13 Mar 2002 11:46:06 -0500 > >I do this. We run edge routers with diverse T1's (different loop providers, >different POP's and different carriers) and behind the router is a HA >firewall solution. The good part as others have mentioned is that you need >only statics on the FW, and failover is very clean. The firewall can just >focus on doing FW stuff (not dynamic routing!) We've had maybe 7 outages in >the past year involving at least one of our T's (the worst day we had 5 >down!, the longest outage was 9 days when a genious at an associated ISP >(not our provider) lost our B8ZS circuit in a shelf full of AMI circuits.. >"gee, what's that doing here? and dumped it. By the time the fingerpointing >was over, it had been nearly a week!!! Diversity rules and BGP WILL pay for >itself IMHO. Something like this need only happen once, you know?) Anyhow, >not a single user ever noticed. BGP converges for most local stuff in >around a minute or 2. I sleep much better than I used to. ;-) It's worth >mentioning that we don't r! >un a site to site VPN, and BGP would not save your VPN session.. but for >any "normal" traffic - http, smtp, etc it's great and you could >re-establish your VPN after a couple minutes anyhow. Not the end of the >world in most cases I'd guess. >We're moving to a setup with redundant edge routers which will complete the >project. If I can make it another month or so, it will have been a full >year without so much as a second of outage. (oops! now I'm gonna get it..) > >- Joe > > >>> Russell Washington <[EMAIL PROTECTED]> 03/12/02 11:17AM > >>> >The traditional topology for this is to have a router terminate both ISP >connections, and then have your firewall sitting behind the router. This >topology assumes that your entire point in having 2 ISP connections is to >have a failover option, and while routers generally have the ability to >failover via BGP, your firewall almost certainly won't. > >I don't quite understand 'protect them with single ISP.' The ISP doesn't >protect a thing, the firewall does. Maybe you could clarify. > >-----Original Message----- >From: harsh bhasin [mailto:[EMAIL PROTECTED]] >Sent: Monday, March 11, 2002 9:59 PM >To: [EMAIL PROTECTED] >Subject: [FW-1] More than One ISP but One Firewall > > >Hi > >Is that possible that i have two internet links freom >two different ISP's and protect them with single ISP > >If yes then what issues are involved if no then why. > > >Regards >Harsh Bhasin > >__________________________________________________ >Do You Yahoo!? >Try FREE Yahoo! Mail - the world's greatest free email! >http://mail.yahoo.com/ > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[EMAIL PROTECTED] >================================================= _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
