CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: configuring isp redundancy R65/ IPSO

  1. #1

    Hi all

    I have 2 internet links connected to 2 interfaces on my firewall.

    I just want ISP redundancy for outgoing connections only, if possible.

    Can anyone tell me what I need to do?

    1. Routing in IPSO? Will there be 2 default routes with the same metric?

    2. Will I need to do 2 hide NATs?

    3. Should I run a ping to each ISP router?

    Please help

    cheers

    Carl

  2. #2

    Read the Firewall Admin Guide section on ISP Redundancy and also sk25152. This will provide an understanding of how it works, and what you need to configure.

    There is a lot to do and, to be honest, it is too much to sit and type out a step-by-step guide for you.

    Routing in ISP Redundancy is not configured on the box; you simply configure 1 DG in IPSO, which should be the Primary or First ISP link.

    The scripts will then control the actual DG on the box depending upon failure etc.

    For purely outbound traffic then you should use Hide Behind gateway. Servers etc will need a total of 4 NAT rules to get inbound and outbound traffic. Inbound traffic is routed depending upon DNS unless you host DNS yourself and use the DNS proxy.

    Even for experienced Check Point admins, ISP redundancy is quite challenging with the NAT rules, editing files etc. My advice would be to look at getting someone in to do it for you. A lot of consultants will let you do the actual work under their supervision. I know that I do when I am on site, as that way you will still properly learn how it works.
