Re: [FW-1] Multiple ISPs from firewall....
Simplest thing I think is to run the 2 ISP circuits into your edge router and run BGP. The firewall won't have to do any dynamic routing, and NAT can be unaffected as long as your carriers will announce the real IP space you are part of.

Load sharing occurs naturally - traffic routes by who has the least # of AS hops. If one provider is peered better, the bulk of the traffic will go that way. Then you can weight against that circuit to try and balance a bit. It is the balancing that is the tricky part. Sharing is automatic.

There are also devices that do this sort of thing (Radware LinkProof comes to mind, etc.) that you might want to look at. It swaps circuits and does the NAT for you, so again, the firewall has nothing to do but firewall.

hth - Joe

>>> Srinivasa Rao Bandaru <[email protected]> 03/19/02 10:18AM >>>

Hi,

I am just planning for resilience for the internet mail traffic. As part of this we are planning to have another internet connection from another ISP, so that if one internet connection goes down, the other internet connection would be there for the mail traffic. I am using CP4.1-SP5 on Nokia IPSO-3.4.

But I would like to know about the following issues:

What happens to the NAT translations on the firewall? They are hard coded with 1st internet valid addresses in the firewall implied NAT rules. Suppose if the 1st internet connection goes down, the packets would go through the 2nd internet connection as 1st internet valid addresses according to NAT rules, but the reply would still try to come through the 1st internet link, obviously, and fail.

How can the firewall know about the status of the two internet links and route accordingly?

How do I configure load sharing?

I hope I am clear here. Please let me know the various solutions for this.

Thanks a lot in advance.

-Srinivas B.

This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify us immediately. You should not copy it or use it for any purpose, nor disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of Wilco International.

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
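
A small model of the two situations discussed in this thread, added here as an illustration and not part of either message: it compares NAT addresses taken from the first ISP's space with a prefix announced to both carriers over BGP, and shows the effect of weighting against the better-peered circuit. The AS numbers, hop counts and function names are constructed, and path choice is reduced to AS-path length only (real BGP best-path selection has more steps).

```python
from collections import Counter

# Constructed topology using documentation AS numbers (RFC 5398).
ISP_A, ISP_B = 64501, 64502

# Constructed sample: AS hops from six remote networks to each ISP.
# ISP A is the better-peered carrier in this sample.
REMOTES = [
    {ISP_A: 1, ISP_B: 3}, {ISP_A: 1, ISP_B: 2}, {ISP_A: 2, ISP_B: 3},
    {ISP_A: 2, ISP_B: 2}, {ISP_A: 3, ISP_B: 1}, {ISP_A: 2, ISP_B: 1},
]

def inbound_isp(remote_dist, mode, up, prepend=None):
    """Return the ISP that carries replies from one remote network, or None.

    mode   "pa"  = NAT pool hard coded to ISP A's address space
           "bgp" = the site's own prefix announced to both ISPs
    up      set of ISPs whose circuit to the site is up
    prepend {isp: extra copies of the site AS in the announcement to that ISP}
    """
    prepend = prepend or {}
    if mode == "pa":
        # Replies always head for the ISP that owns the addresses,
        # whichever circuit the outbound packet left on.
        return ISP_A if ISP_A in up else None
    # Path length seen by the remote network: hops to the ISP, plus the
    # site AS, plus any prepended copies. A down circuit withdraws the route.
    lengths = {isp: remote_dist[isp] + 1 + prepend.get(isp, 0) for isp in up}
    if not lengths:
        return None
    # Shortest AS path wins; ties go to the lower AS number (simplification).
    return min(lengths, key=lambda isp: (lengths[isp], isp))

def inbound_share(remotes, mode, up, prepend=None):
    """Count remote networks per inbound ISP; key None = replies never arrive."""
    return dict(Counter(inbound_isp(d, mode, up, prepend) for d in remotes))

if __name__ == "__main__":
    both = {ISP_A, ISP_B}
    print("PA space, ISP A down :", inbound_share(REMOTES, "pa", {ISP_B}))
    print("BGP, both up         :", inbound_share(REMOTES, "bgp", both))
    print("BGP, prepend toward A:", inbound_share(REMOTES, "bgp", both, {ISP_A: 1}))
    print("BGP, ISP A down      :", inbound_share(REMOTES, "bgp", {ISP_B}))
```
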