CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

#1 ggts2008 (Junior Member), 2008-08-27
A setup question

Hi All,

I have a UTM-1 450.

I have 3 Internet lines coming from different ISPs. In the current setup, one Internet line is dedicated to an Exchange server. The other two Internet lines are used for browsing by the LAN users.

I am implementing the UTM-1 450, where all three lines land in Check Point.

I have set up ISP redundancy (load sharing) with the three lines. My problem is: how do I prevent the LAN users from using the line dedicated to the Exchange server? If the two lines go down, the LAN users will start using the line dedicated to the Exchange (please correct me if I am wrong).

How should I write the NAT/Security rules so that the line to the Exchange is not used by LAN users at any point?

My second question is: is there a way I can split the traffic 60-40% between the two leased lines used by the LAN users for browsing (I think SonicWall has this feature)?

Can somebody help please?

Thanks in advance.

#2 melipla (Senior Member), 2008-08-28
Re: A setup question

Quote (originally posted by ggts2008):
I have set up ISP redundancy (load sharing) with the three lines. My problem is: how do I prevent the LAN users from using the line dedicated to the Exchange server?

Based on your configuration, if 2 of the 3 ISP links went down, everyone would automatically start using the last available ISP link. There are two things you could do: set up QoS such that Exchange traffic takes priority, or manually prevent it by pushing a rule which would drop everything except for Exchange traffic...

Quote (originally posted by ggts2008):
My second question is: is there a way I can split the traffic 60-40% between the two leased lines used by the LAN users for browsing (I think SonicWall has this feature)?

Not in a Load Sharing ISP Redundancy model:

Quote:
Load Sharing mode connects to both ISPs, while distributing the load of outgoing connections between the ISPs. New connections are randomly assigned to a link. If a link fails, all new outgoing connections are directed to the active link.

If you had two UTM-1s, you could set up a Load Sharing Cluster, in which you'd then be able to designate which member gets more traffic.
__________________
It's all in the documentation.