Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] More than One ISP but One Firewall

To: [email protected]
Subject: Re: [FW-1] More than One ISP but One Firewall
From: Joe Pampel <[email protected]>
Date: Wed, 13 Mar 2002 11:46:06 -0500
Comments: To: [email protected]
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I do this. We run edge routers with diverse T1's (different loop providers, different POP's and different carriers) and behind the router is a HA firewall solution. The good part as others have mentioned is that you need only statics on the FW, and failover is very clean. The firewall can just focus on doing FW stuff (not dynamic routing!) We've had maybe 7 outages in the past year involving at least one of our T's (the worst day we had 5 down!, the longest outage was 9 days when a genious at an associated ISP (not our provider) lost our B8ZS circuit in a shelf full of AMI circuits.. "gee, what's that doing here? and dumped it. By the time the fingerpointing was over, it had been nearly a week!!! Diversity rules and BGP WILL pay for itself IMHO. Something like this need only happen once, you know?)  Anyhow, not a single user ever noticed. BGP converges for most local stuff in around a minute or 2. I sleep much better than I used to. ;-)  It's worth mentioning that we don't r!
un a site to site VPN, and BGP would not save your VPN session.. but for any "normal" traffic - http, smtp, etc it's great and you could re-establish your VPN after a couple minutes anyhow. Not the end of the world in most cases I'd guess.
We're moving to a setup with redundant edge routers which will complete the project. If I can make it another month or so, it will have been a full year without so much as a second of outage. (oops! now I'm gonna get it..)

- Joe

>>> Russell Washington <[email protected]> 03/12/02 11:17AM >>>
The traditional topology for this is to have a router terminate both ISP
connections, and then have your firewall sitting behind the router.  This
topology assumes that your entire point in having 2 ISP connections is to
have a failover option, and while routers generally have the ability to
failover via BGP, your firewall almost certainly won't.

I don't quite understand 'protect them with single ISP.'  The ISP doesn't
protect a thing, the firewall does.  Maybe you could clarify.

-----Original Message-----
From: harsh bhasin [mailto:[email protected]]
Sent: Monday, March 11, 2002 9:59 PM
To: [email protected]
Subject: [FW-1] More than One ISP but One Firewall


Hi

Is that possible that i have two internet links freom
two different ISP's and protect them with single ISP

If yes then what issues are involved if no then why.


Regards
Harsh Bhasin

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] More than One ISP but One Firewall
  - From: Mark Ward <[email protected]>

Prev by Date: [FW-1] doing ike with VPN1 through NAT
Next by Date: [FW-1] Linux Eval?
Previous by thread: Re: [FW-1] More than One ISP but One Firewall
Next by thread: Re: [FW-1] More than One ISP but One Firewall
Index(es):
- Date
- Thread