rdelrosario

Migrating to a new ISP

We will be moving to a new ISP and want to get some advice on the smoothest transition. We currently have a class C public network block from Verizon. We really only use about 40 of those IPs for inbound mail servers, web servers, FTP and such. We want to move to the new ISP for greater bandwidth, but do want to keep the old ISP as a backup (more on that later).

We currently have a Checkpoint NGX firewall with 3 interfaces (room for more): DMZ, Private, Public. We do not host our own DNS; our zone file is with Verizon with our domain. We don't have control panel access to modify TTL and such; we have to call it in. My concerns are below. Please comment on each point as well as a chronological plan to achieve the least amount of downtime.

1. SSL-enabled websites? How will those be affected if I just change the IP?
2. Checkpoint Firewall NAT rules? Any order/advice on how/when to change these or whether to create separate objects and different rules in parallel?
3. Mail MX records. When to change them. Trying to not lose any mail in between switchover.
4. Best/least cost way to set up the secondary ISP as a backup? We'd like to be able to revert back to the old ISP (and obviously the IP block they have assigned us) when an outage occurs. I know there are the expensive F5 networks that provide some type of load balancing/IP change, but those are about 50K. Any creative ways to achieve switchover within 2-4 hours without expensive hardware/software?
ASKER CERTIFIED SOLUTION
deimark
rdelrosario

ASKER

Deimark,

We are running CheckPoint NGX R65 running SPLAT. Can you enlighten me on how ISP redundancy works on Checkpoint? Would we just hook the other ISP router's Ethernet to another interface on the Checkpoint box and then Checkpoint handles/MONITORS a dead circuit? I'm not quite following you on the NAT effect. Am I to assume that we would have both ISP connections connected, but only 1 active at a time from Checkpoint's perspective? Any info on this would be appreciated.
In your dashboard, there is a very good help feature which will go into a lot more detail on the ISP redundancy front, which will also explain the NAT too.

If the normal help files don't cover it for you enough, let me know and I'll upload the R65 admin guides for firewall and SmartCentre (they are decent-sized PDFs, so best to try the help files first).