2007-08-14
underattack
VPN / ISP redundancy architecture

Hello,

I am working on a solution with high availability and I would like to be sure about VPN and ISP redundancy.

If I have a firewall A with 2 ISPs (primary link with ISP1, backup with ISP2), and a VPN with a firewall B, do firewalls A and B have to be managed by the same SmartCenter for the VPN/ISP redundancy to work?

If a link fails on firewall A, how will firewall B know that it has to go through the ISP2 link on the firewall instead of ISP1?

As firewall A will have 2 public addresses, how will firewall B learn the second IP address, as the object is defined with 1 IP address?

Can this work if the 2 firewalls are not managed by the same SmartCenter?


If both firewalls A and B use ISP redundancy, will the VPN redundancy still work?

Do I have to use interface VPN with dynamic routing for the redundancy?

I realize this is a lot of questions, but I would like to have a better understanding of how exactly this works in order to implement it.

Cheers,

Fabien