We will be moving to a new ISP and want to get some advice on the smoothest transition. We currently have a class C public network block from Verizon. We really only use about 40 of those IPs for inbound mail servers, web servers, FTP and such. We want to move to the new ISP for greater bandwidth, but do want to keep the old ISP as a backup (more on that later).
We currently have a Checkpoint NGX firewall with 3 interfaces (room for more): DMZ, Private, Public. We do not host our own DNS; our zone file is with Verizon with our domain. We don't have control panel access to modify TTL and such; we have to call it in. My concerns are below. Please comment on each point as well as a chronological plan to achieve the least amount of downtime.
1. SSL enabled websites? How will those be affected if I just change the IP?
2. Checkpoint Firewall NAT rules? Any order/advice on how/when to change these or whether to create separate objects and different rules in parallel?
3. Mail MX records. When to change them. Trying to not lose any mail in between switchover.
4. Best/least cost way to set up the secondary ISP as a backup? We'd like to be able to revert back to the old ISP (and obviously the IP block they have assigned us) when an outage occurs. I know there are the expensive F5 networks that provide some type of load balancing/IP change, but those are about 50K. Any creative ways to achieve switch over within 2-4 hours without expensive hardware/software?