configuring isp redundancy R65/ IPSO

[carl_t]

Hi all

I have 2 internet links connected to 2 interfaces on my firewall.

I just want ISP redudancy for outgoing connections only if possible.

can anyone tell me what I need to do,

1.Routing in IPSO ? will there be 2 default routes with same metric?

2.will i need to do 2 hide nats ?

3.should i run a ping to each isp router?

please help

cheers

Carl

[mcnallym]

Read the Firewall Admin Guide section on ISP Redundancy and also sk25152. This will provide an understanding of how it works, and what you need to configure.

There is a lot to do and to be honest is too much to sit and type out a step by step guide for you.

Routing in ISP Redundnacy is not configured on the box, you simply configure 1 DG in IPSO which should be the Primary or First ISP link.

The scripts will then control the actual DG on the box depending upon failure etc.

For purely outbound traffic then you should use Hide Behind gateway. Servers etc will need a total of 4 NAT rules to get inbound and outbound traffic. Inbound traffic is routed depending upon DNS unless you host DNS yourself and use the DNS proxy.

Even for experienced Check Point admins then ISP redundancy is quite challening with the NAT rules, editing files etc. My advice would be to look at getting someone in to do for you. A lot of consultants will let you do the actual work under there supervision. I know that I do when I am on site as that way you will properly learn how it works still.