Cisco IP SLA Firewall Equivalent
Posted on 2013-10-29
One common problem that you have to deal with in a network is choosing the best path. In small companies often this just means keeping a group of say 20, 40 people connected to the Internet. With Cisco IOS there is a feature I really like called "IP SLA" where I can set a target IP address and use ICMP Echo to verify that the path is good and then set up routes that rely on this upnessness. If the path goes bad, a floating static route with a higher weight is ready to take over in just a few seconds. It works flawlessly.
I wondered if a similar feature existed in either Cisco or other firewalls (Sonicwall, Juniper, other?). And I have one additional requirement.
So imagine (LAN)---[Firewall]<
Hopefully that beautiful ASCII art draws OK when I post. But in effect I want two ISPs on the outside of my firewall. Each ISP has given me a small /27 block. I want the firewall to verify the path to the Internet is good via each ISP and for it to prefer ISP A in most cases. What firewalls have the equivalent of IP SLA to assure that there is a good path to the Internet at all times? I assume I would have two Outside Interfaces and one inside interface and NAT would correspond with the path taken.
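The IOS behaviour described in the post (an ICMP echo probe that the primary default route depends on, backed by a floating static route), as an added example that is not part of the original post. All addresses are documentation-range placeholders and the interface name, timers and administrative distance are assumptions.

```cisco
! Assumed placeholders (not from the post):
!   203.0.113.1   ISP A next hop (preferred)
!   192.0.2.1     ISP B next hop (backup)
!   198.51.100.1  probe target somewhere beyond ISP A
!   GigabitEthernet0/0  interface facing ISP A

! Probe: ICMP echo every 5 s, declared failed after 1 s without a reply.
ip sla 1
 icmp-echo 198.51.100.1 source-interface GigabitEthernet0/0
 timeout 1000
 threshold 500
 frequency 5
ip sla schedule 1 life forever start-time now

! Track object follows the probe result. The delays damp flapping:
! 10 s of failures before going down, 30 s of successes before coming back.
track 1 ip sla 1 reachability
 delay down 10 up 30

! Pin the probe target to ISP A. Without this host route the probe would
! follow the backup default after a failover, succeed through ISP B, and
! bring the primary route back while ISP A is still broken.
ip route 198.51.100.1 255.255.255.255 203.0.113.1

! Primary default route, installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1

! Floating static: administrative distance 10 keeps it out of the routing
! table until the tracked route above is withdrawn.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 10
```

`show track 1` and `show ip sla statistics 1` report the probe state, and `show ip route 0.0.0.0` shows which default route is currently installed.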