Setup 1
ISP1---->Router1------>NIC1 (External)----------------------------------nat -----> NIC2 (internal)
|
|
|
|
ISP2---->Router2--------------------->NIC4 (External)
NIC3 DMZ
With the above setup, can I have:
1. Is it possible to define two NATs to two external NICs (if we take an extra license for the NIC4 valid IP)?
Setup 2
Server 1
ISP1---->Router1------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
Server 2
ISP2---->Router2------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
If I replicate the setup...
1. With this, I think I have to use Stonebeat software for load balancing.
Thanks once again.
regs
sathish m r
----- Original Message -----
Sent: Monday, February 19, 2001 1:37 PM
Subject: RE: [FW1] Multiple links
if you want TRUE redundancy, you'll have to consider A LOT more than just another link....
first, you'll need to run BGP between your ISPs and your network. IMHO, this is nothing less than required. this will make your inbound connection redundant and failed-over. however, BGP typically requires a lot of router memory (65+Mb). that limits your choice of routers to a very small number (Cisco 3640, 72xx, etc), although it can certainly be done with smaller routers if you limit the amount of inbound routes. if you don't implement BGP, you will spend hours/days/months trying to figure out the routing and trying to make one firewall work with different ISPs. for example: which ISP's IP address will you hide behind? how will "the Internet" know which T-1 to use to connect to your network?
continue reading ONLY if you are considering, or will consider, BGP.
second, you'll probably want to make sure that the two ISPs are being carried by two separate Telcos. otherwise, if the telco has a problem with its network, you'll probably lose BOTH T-1s.
third, you'll want to consider two of those above routers. what if the router fails?
fourth, what about redundant firewalls? it'll look real dumb if you have two ISPs, but a power supply/NIC/Hard Drive/etc in that unnamed piece of hardware running that unnamed OS fails.
fifth, what do you *really* want to achieve by having multiple ISPs? I think there are A LOT more points of failure that need to be considered before anyone thinks they are redundant.
we have spent many many hours and dollars on making them redundant, but we still have failures and downtime. you will NEVER achieve 100% uptime. you are dreaming if that's what you think. in my experience, 90% of the downtimes are caused by software problems, not T-1s/Telcos. I would make sure I have two of everything (router, FW, T-1s, ISPs, Telcos) before I consider it "redundant".
Just my $0.02....
Dave O.
Hi all,
We have Checkpoint firewall 4.1 set up as shown below:
ISP---->Router------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
ISP leased line (HDLC)--->Router (serial port)-->Router Ethernet ports--> CP 4.1 Ext interface --->Internal NIC and DMZ NIC (Natted to Private zone & DMZ).
Now I have to add one more leased line to this setup for link redundancy. The second link will be taken from a different ISP, which in turn assigns us a different pool of valid IP addresses.
Could someone who has set up or come across this sort of situation help me with information?
Thanks
Regs
sathish m r