 Re: 2 issues in ISP redundancy
1. The Check Point DNS proxy is "transparent", that means it grabs the query that was destined for the DNS server and answers it as if it was the said DNS server. So the client will think he always talked with the DNS server.
2. Not sure about site-to-site (guessing you probably need to define interfaces with the public IPs), but SecuRemote/SecureClient only need the IP initially to do the "Get topology". After that the VPN client will have all the information regarding VPN domain, interfaces, etc. As such, it will be aware that the firewall has 2 ISP links and will be able to make use of them. |