Re: [FW-1] Dual ISP Firewall Design Question

Subject:	Re: [FW-1] Dual ISP Firewall Design Question
From:	John Sims <jsims AT TRUENORTHSOLUTIONS DOT NET>
To:	FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date:	Wed, 27 Apr 2005 16:55:03 -0400

It is also important to note that ISP redundancy is limited by the OS.  
Currently, only Solaris and Linux are capable of ISP redundancy - IPSO is NOT 
capable at this time.

- john

-----Original Message-----
From: dhananjoy [mailto:dhananjoyc AT GMAIL DOT COM]
Sent: Wednesday, April 27, 2005 3:20 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] Dual ISP Firewall Design Question

Hi,
If you are running NGAI R55 or above ,you can use the ISP Redundancy feature
in Load Sharing mode.
This feature doesnt cost extra and comes along with R55.
You can use the existing Cluster but you need to do some tweaking in the
existing SBFC configs, NAT configs for servers in DMZ and also VPN
configurations.

On 4/27/05, Ruiyuan Jiang <Ruiyuan_Jiang AT liz DOT com> wrote:
>
> Hi, all
>
> My client currently has two firewall modules with StoneBeat fullcluster
> with one ISP which has BGP configuration. Now my client wants to change
> the setup to utilize two ISPs (i.e. one in NY, one in CT with different
> network number) instead of one ISP and BGP setup. What is the best way
> to accomplish this?
>
> The client is thinking that dismantle the firewall cluster and put one
> in CT and another one in NY as individual firewall to save firewall
> cost. For high availability of DMZ, it might need to setup two DMZs (one
> in CT and one NY) in case of the site failure. Do we need to have load
> balancer for ISP in front of firewalls to monitor the availability of
> ISPs? Internally the client is trying to use router to control users'
> internet access with proxy server (i.e. NY users accessing internet
> using NY's ISP link, CT users accessing internet using CT's ISP link).
> Any recommendations? Thanks.
>
> Ryan
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>

--
Regards,
dhananjoy
India.
Phone : 091-9899602123
---------------------------------------------------------------
Registered Linux user # 375503
http://counter.li.org
---------------------------------------------------------------
Some men see things as they are and say why?
I dream things that never were and say "Why Not?"
-Robert F. Kennedy

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
IMPORTANT: The information contained in this electronic message and/or its
attachments is intended only for the use of the individual(s) named above and
may contain information that is privileged and/or confidential. If you are not
the intended recipient, please notify the sender immediately by reply and
immediately delete this message and all its attachments without making any
copies or distributions thereof. Any review, use, reproduction, disclosure or
dissemination of this message or any attachment by an unintended recipient is
strictly prohibited and may violate copyrights and/or other laws. Neither the
sender, his or her employer nor any of their respective affiliates makes any
warranties as to the completeness or accuracy of any of the information
contained herein or that this message or any of its attachments is free of
viruses.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

<Prev in Thread]	Current Thread	[Next in Thread>
[FW-1] Dual ISP Firewall Design Question, Ruiyuan Jiang Re: [FW-1] Dual ISP Firewall Design Question, dhananjoy Re: [FW-1] Dual ISP Firewall Design Question, John Sims <= Re: [FW-1] Dual ISP Firewall Design Question, André L. Re: [FW-1] Dual ISP Firewall Design Question, Ruiyuan Jiang

Previous by Date:	Re: [FW-1] securemote auto-logon with certificate?, fwguru
Next by Date:	Re: [FW-1] IS hiding behind NAT always necessary, fwguru
Previous by Thread:	Re: [FW-1] Dual ISP Firewall Design Question, dhananjoy
Next by Thread:	Re: [FW-1] Dual ISP Firewall Design Question, André L.
Indexes:	[Date] [Thread] [Top] [All Lists]