[mcnallym]

1. Most DNS requests will be answered by the Check Point DNS Proxy, which will take care of what links are down for you. It will answer hostname or A records but other requests will be forwarded to the the DNS Server ie MX.

If the DNS has two MX records then if the first ISP is down then the Email will retransmit to the secondary MX record.

You will also need to follow the information regarding creating the Dynamic Objects in the SMARTDashboard and then on the actual firewalls themselves from the knowledgebase and the NGX documentation.

2. For VPN's then you can enable the VPN as well and for Check Point firewalls that you manage they will know about the ISP Redundancy on the system and will use the other link if the first fails. For non-Check Point Firewalls then need to define secondary gateway, also with Check Point you don't manage.

SecuRemote/SecuClient will pick up both links via Topology download and handle what line to use automatically for you. If line drops you need to disconnect and reconnect which will then goto the other link.