Setup 1
ISP1---->Router1------>NIC1 (External)----------------------------------nat -----> NIC2 (internal)
|
|
|
|
ISP2---->Router2--------------------->NIC4(External)
NIC3 DMZ
With the above setup can I have
1. Is it possible to define two NATs to two external NICs (if we take
extra license for the NIC4 Valid IP)
Setup 2
Server 1
ISP1---->Router1------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
Server 2
ISP2---->Router2------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
If I replicate the setup...
1. With this I think I have to use Stonebeat software for load balancing
Thanks once again.
regs
sathish m r
----- Original Message -----
Sent: Monday, February 19, 2001 1:37 PM
Subject: RE: [FW1] Multiple links
if you want TRUE redundancy, you'll have to consider A LOT more than just
another link....
first, you'll need to run BGP between your ISPs and your network.
IMHO, this is nothing less than required. this will make your inbound
connection redundant and failed-over. however BGP typically requires a lot of
router memory (65+Mb). that limits your choice of routers to a very small
number (Cisco 3640, 72xx, etc). although it can certainly be done with
smaller routers, if you limit the amount of inbound routes. if you don't
implement BGP, you will spend hours/days/months trying to figure out the
routing and trying to make one firewall work with different ISPs. for
example: which ISP's IP address will you hide behind? how will "the Internet"
know which T-1 to use to connect to your network?
continue reading ONLY if you are, or will, consider BGP.
second, you'll probably want to make sure that the two ISPs are being
carried by two separate Telcos. otherwise, if the telco has a problem with
its network, you'll probably lose BOTH T-1s.
third, you'll want to consider two of those above routers. what if
the router fails?
fourth, what about redundant firewalls? it'll look real dumb if you
have two ISPs, but a power supply/NIC/Hard Drive/etc in that unnamed
piece of hardware running that unnamed OS fails.
fifth, what do you *really* want to achieve by having multiple ISPs.
I think there are A LOT more points of failure that need to be considered
before anyone thinks they are redundant.
we have spent many many hours and dollars on making them redundant, but we
still have failures and downtime. you will NEVER achieve 100% uptime. you
are dreaming if that's what you think. in my experience, 90% of the
downtimes are caused by software problems, not T-1s/Telcos. I would make
sure I have two of everything (router, FW, T-1s, ISPs, Telcos) before I
consider it "redundant".
Just my $0.02....
Dave O.
Hi all,
We have Checkpoint firewall 4.1 setup as shown below
ISP---->Router------>NIC1 (External)----nat -----> NIC2 (internal)
|
|
NIC3 DMZ
web & mail servers on static nat
ISP leased line (HDLC)--->Router (serial port)-->Router Ethernet ports--> CP 4.1 Ext interface
--->Internal NIC and DMZ NIC (Natted to Private zone & DMZ).
Now I have to add one more leased line to
this setup for link redundancy. The second link will be taken from a
different ISP which in turn assigns us with different pool of Valid IP
addresses.
Could someone help me with information, who
have setup or come across this sort of situation.
Thanks
Regs
sathish m r