[Brian]

I want to setup ISP redundancy on a 2nd circuit that has just been installed, and it has to work in primary/backup mode rather than load sharing. I would be pleased if anyone could suggest a way of getting this to work because I seem to have reached a stumbling block for inbound connections.

As far as I can see, this will only reliably work if there are only have two DNS servers, one on each circuit, so that DNS queries will than be handled by the Checkpoint module regardless of which circuit has failed. As soon as I have a secondary DNS server out on the Internet, there's a good possibility that this will be queried by remote clients and it will return an address on the primary circuit, which is useless when the primary circuit has failed.

Relying on just two name servers on my site is not an option since we have MX records for remote subdomains, and to cover the situation where our entire site is out of action we must have an offsite name server running.