Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Bernardes
Advisor

ISP Redundancy

Hi Mates!

Could you please assist me with some doubts regarding IPS Redundancy?

For instance, when I have two physical interfaces, one for each link, and I want to configure ISP Redundancy in load-sharing mode to utilize both links simultaneously.

How should the outbound NATs be set up?

And in the case of published applications, do I need to create separate inbound NATs for each link?

I consulted the guide and reviewed some SKs, but it wasn't very clear. This is the first time I'm dealing with an environment requiring this setup, so I would greatly appreciate any tips on how to work with ISP Redundancy in the most effective way.

0 Kudos
2 Replies
Cyber_Serge
Collaborator

>And in the case of published applications, do I need to create separate inbound NATs for each link?

according to the documentation below, yes. Because with load sharing you don't know which ISP link the connection is coming to your DMZ servers.

https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Quantum_SecurityGateway_Guid...

0 Kudos
the_rock
Legend
Legend

Hey again mate,

Yes, @Cyber_Serge is correct. Also, this is super important to remember with ISPR...when you have multiple tunnels configured, other peers would need to know if there is link failure and that sadly, is NOT automatic. Just mentioning this, as lots of people I talked to about it, did not have knowledge of that, so better to be aware in case it happens.

Cheers,

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events