Thanks for your prompt respond !
But let me clearify something,
we have our email server routing agent sit on the DMZ already and every
outbound email will have address resolved from the DNS and then go through
FW1 and external cisco router serial interface to the ISP which hosting
our domain name there and any incoming email would come back the same
path. We have this setup for Years and work fine !
Since we are going to joint and add another broadband ISP and they will
provide ATM connection with a Ethernet connection box, so it is not possible
to connect this two line together.
We want to make use the new broadband most (for outbound mail and Web)
and the exist ISP for (inbound mail) !
The same question:
Since there is only one default gateway can be use on the firewall,
the outbound will go through the default gateway path but the inbound
will go through either paths.
Would that possible to have two NIC installed on the FW1 to connect to
two ISP ?? (will it cause any inbound session inconsistent issue ?)
GEMEX TRADING LIMITED
Stony Hui
IT Services (Network Support Officer)
MCSE & CCNA
Visit GEMEX in the Metro-Intranet
@ http://home.gemex-ag.com
> -----Original Message-----
> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
> Sent: 05, June, 2000 10:00 AM
> To: Hui Stony
> Cc: [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: Re: [FW1] Two Lan cards for Internet connection
>
> what are you talking about.
>
> Email has really nothing to do with the amount of NIC cards in your
> firebox. Your FW vendor has been smokin' to much of their bandwidth
> lately.
> Email can be directed via other means and does not even have to be routed
> through your firewall. This would save you the hassle of setting up a
> Mail server inside your firewall. But it appears that you are in a
> different dilemma already.
>
> If your firewall is going to be setup behind an external router that is
> either maintained by your organization or by your ISP provider, there are
> many things that can be done to ensure redudancy and high availability at
> the Address routing piece of things. If your primary route loses
> connectivity, one can add a static route for the other ISP or have some
> simple BGP statements inserted in your router configuration.. But that
> also implies that your ISP has enough CLUE to SWIP a AS number for your
> site and process the proper statements to their routers regarding your AS
> number and network neighbors.
>
> But I just probably introduced a whole bunch of factors to a discussion
> that has not even taken place between you, your FW vendor and your ISP.
>
> /m
>
>
>
>
> Hui Stony <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 06/04/00 06:30 PM
>
>
> To: [EMAIL PROTECTED]
> cc:
> Subject: [FW1] Two Lan cards for Internet connection
>
>
>
> We are going to add one more internet connection on the existing FW-1
> gateway which is NT4 sp5 config with
> one NIC for internal LAN, one NIC for DMZ and one NIC for Internet
> connection for email and Web.
>
> But one of the FW vendor's engineer say it is ok just add one more NIC on
> the FW1 and coonect to another ISP.
> But the other FW vendor 's engineer say it would be problem for a FW1
> connect with two NIC for two ISP since
> there is only one default gateway can apply so the email may go through
> one
> ISP out but come back from the other
> ISP !?
>
> Would that be a problem to connect two NIC into the FW1 for Internet email
> ??
> Will FW1 keep the session or state for email connection ??
> If so, what alternative available ?! Forward all the mail to external SMTP
> agent or Forward all Internet Web browsing
> to external Proxy ?
>
> Any idea and reference link is welcome ! Thank you !
>
>
> GEMEX TRADING LIMITED
> Stony Hui
> IT Services (Network Support Officer)
>
> Visit GEMEX in the Metro-Intranet
>
> @ http://home.gemex-ag.com
>
>
>
>
> ==========================================================================
> ======
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ==========================================================================
> ======
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
