CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: Route specific network out of specific ISP

  1. #1

    Route specific network out of specific ISP

    Hi all. To begin, I'm running R71.30 with two firewalls and a separate Linux-based management server.

    We have a connection to a vendor that we will eventually be replicating data to. Internally the network is defined as 172.16.254.0/24 on our firewall. Any traffic destined for that network we forward to a local Juniper device on our network that the vendor manages; from there the vendor does the VPN connection to another Juniper at their off-site location through our Internet. The second connection on the Juniper is connected directly to our external firewall interface, so no NAT'ting is done; basically the Junipers exchange crypto info using public IP addresses.

    My question is, we want this traffic to always use our BACKUP ISP, to keep the heavy load of the replication traffic off of our primary Internet connection and supply the entire bandwidth to the replication process.

    How do I go about doing this?

    Thank you all for your time and assistance!

    Tim

  2. #2

    Re: Route specific network out of specific ISP

    Originally posted by timtekk:
    "The second connection on the Juniper is connected directly to our external firewall interface, so no NAT'ting is done; basically the Junipers exchange crypto info using public IP addresses."

    If I am reading you correctly then the Juniper's external interface is parallel with the R71.30 firewall, in that you say it is connected directly to the external firewall interface. If the external interface of the R71.30 was plugged directly into the Juniper then it would have to go via the Juniper to get to the Internet. Either that or I am completely misunderstanding you.

    As such I would see the traffic pattern as such:

    Traffic arrives at R71.30 system, and then is forwarded to 1st interface of Juniper Firewall. The 2nd Interface has a public IP which is used for the VPN Negotiation. This 2nd interface is parallel with the R71.30 firewall so I don't see the R71.30 having any involvement with the VPN.

    Sounds to me as though you simply need to have the Juniper point at the backup ISP. I don't really see where the Check Point would be involved in this routing at all.

    If I am misunderstanding the topology then it may help to put up a topology diagram people can see. No need for IP details.
