dejones44
asked on
2 ISP's and 1 Firewall
ISP 1 provides a T1 connection with a subnet x.x.x.0 /24 with a 2600 series router
ISP 2 provides ethernet hand off to internet ( 5 meg ) with a x.x.x /24 subnet with a 2600 series router
Nothing is configured between the ISP's meaning NO BGP & NO HSRP
we have only one firewall ( checkpoint ) with one external interface and 2 internal interfaces.
How can this firewall be configured to sit behind these two ISP routers and support local area network with web and mail server.
Do we need any additional hardware ?
Please provide me the best solution for this ..
Thanks in advance
ISP 2 provides ethernet hand off to internet ( 5 meg ) with a x.x.x /24 subnet with a 2600 series router
Nothing is configured between the ISP's meaning NO BGP & NO HSRP
we have only one firewall ( checkpoint ) with one external interface and 2 internal interfaces.
How can this firewall be configured to sit behind these two ISP routers and support local area network with web and mail server.
Do we need any additional hardware ?
Please provide me the best solution for this ..
Thanks in advance
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cisco folks confirmed that the PIX and ASA firewalls do not have the option for two wan interfaces.
Haven't heard from checkpoint and i am not sure how to proceed on this.
Haven't heard from checkpoint and i am not sure how to proceed on this.
Yes, thatz why I was pointing to do the aggregation + load balancing at the router level and let PIX handle only one ip address.
Cheers,
Rajesh
Cheers,
Rajesh
ASKER
load balance and failover on one router !
yes you can use one router for both load balancing and failover, however since you have 2 routers its always adviceable to use 2 routers.
Walter
Walter
Fortinet, juniper and Sonicwall have dual wan with load balancing / fail over
ASKER
Could you please explain in detail about the connectivity from the isp routers to the checkpoint with the hardware needed ?
Do we need any special license for the firewall to have TWO external Interfaces ?
I guess we just have a standard license to support 100 ip addresses
I have two internal networks ( 192.168.20.0 /24 and 192.168.40/24 )
I undertsand the lowest mx reord will have the highest priority but how would define the priority for a website ?