[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Two ISPs
Brad Pinkston wrote: > > We are currently switching ISP and must reroute the /24 network we own. Is > there any way to configure these lines to work together as the route change > is taking effect with Internic? > > I wasn't sure if this would work: > 1) Configure both interfaces as default routes with old ISP higher priority > (Is this how static routes priority works on Nokia?) > 2) As soon as the route change takes effect traffic should continue on new > line (Or will our network traffic still go outbound on old line because of > priority?) > > The only need for BGP would be if one line went down so all our subnets > could work on both ISPs, correct? > > Any help on this matter would be greatly appreciated. >From a routing point of view, there really isn't anything special you need to do. The ISPs should be taking care of everything. (And good luck with that all happening smoothly. Heh.) Once the link with the new ISP is up and running, you can send all of the packets out that way. Until it up, don't use it. As the new route to your network propagates through the global BGP tables, the returning traffic will shift from coming in through old ISP to new ISP. Just remember that which way the packets go out has absolutely nothing to do with what route the responses come back, i.e. you cannot influence the return path by chosing which link you transmit from. There really is no point in trying to use both at once. Now, from the firewall's perspective, this may be trouble. Since you can have packets go out of the new link and come back in the old. (Or the other way around if you wait to switch to the new link until after the new ISP starts advertising your address block.) You may need to disable anti-spoofing to get the firewall to pass that kind of traffic. It would otherwise complain that the responses are coming into the wrong interface. If you want more help with that, more about your topology and your FW-1 version would be necessary. -- Crist J. Clark [email protected] Globalstar CommunicationsThe information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [email protected] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|