Setup 1

ISP1---->Router1------>NIC1 (External)----------------------------------nat -----> NIC2 (internal)
                         |
                         |
                         |
                         |
ISP2---->Router2--------------------->NIC4 (External)
                         NIC3 DMZ

With the above setup can I have

1. Is it possible to define two NATs to two external NICs (if we take an extra license for the NIC4 valid IP)?

Setup 2

Server 1

ISP1---->Router1------>NIC1 (External)----nat -----> NIC2 (internal)
                         |
                         |
                         NIC3 DMZ
                         web & mail servers on static nat

Server 2

ISP2---->Router2------>NIC1 (External)----nat -----> NIC2 (internal)
                         |
                         |
                         NIC3 DMZ
                         web & mail servers on static nat

If I replicate the setup...

1. With this I think I have to use StoneBeat software for load balancing.

Thanks once again.

regs
sathish m r

----- Original Message -----
Sent: Monday, February 19, 2001 1:37 PM
Subject: RE: [FW1] Multiple links

if you want TRUE redundancy, you'll have to consider A LOT more than just another link....

first, you'll need to run BGP between your ISPs and your network. IMHO, this is nothing less than required. this will make your inbound connection redundant and failed-over. however BGP typically requires a lot of router memory (65+Mb). that limits your choice of routers to a very small number (Cisco 3640, 72xx, etc). although it can certainly be done with smaller routers, if you limit the amount of inbound routes. if you don't implement BGP, you will spend hours/days/months trying to figure out the routing and trying to make one firewall work with different ISPs. for example: which ISP's IP address will you hide behind? how will "the Internet" know which T-1 to use to connect to your network?

continue reading ONLY if you are, or will be, considering BGP.

second, you'll probably want to make sure that the two ISPs are being carried by two separate Telcos. otherwise, if the telco has a problem with its network, you'll probably lose BOTH T-1s.

third, you'll want to consider two of those above routers. what if the router fails?

fourth, what about redundant firewalls? it'll look real dumb if you have two ISPs, but a power supply/NIC/Hard Drive/etc in that unnamed piece of hardware running that unnamed OS fails.

fifth, what do you *really* want to achieve by having multiple ISPs? I think there are A LOT more points of failure that need to be considered before anyone thinks they are redundant.

we have spent many many hours and dollars on making them redundant, but we still have failures and downtime. you will NEVER achieve 100% uptime. you are dreaming if that's what you think. in my experience, 90% of the downtimes are caused by software problems, not T-1s/Telcos. I would make sure I have two of everything (router, FW, T-1s, ISPs, Telcos) before I consider it "redundant".

Just my $0.02....

Dave O.

Hi all,

We have Checkpoint firewall 4.1 set up as shown below

ISP---->Router------>NIC1 (External)----nat -----> NIC2 (internal)
                       |
                       |
                       NIC3 DMZ
                       web & mail servers on static nat

ISP leased line (HDLC)--->Router (serial port)-->Router Ethernet ports--> CP 4.1 Ext interface --->Internal NIC and DMZ NIC (Natted to Private zone & DMZ).

Now I have to add one more leased line to this setup for link redundancy. The second link will be taken from a different ISP, which in turn assigns us a different pool of valid IP addresses.

Could someone who has set up or come across this sort of situation help me with information?

Thanks

Regs
sathish m r