Thanks a lot for that, Wolfgang, appreciated. Just to clarify some points I made (sorry for not being more clear about them). Below are the actual questions the customer asked me:
- What has to be done in configuration to ensure IPSEC Office Mode Tunnels and the SSL VPN Mobile client will work on both interfaces?
- What additional DNS configuration needs to be done in the Checkpoint Redundancy configuration to ensure the firewall resolves the interfaces with no issue?
- A capture of any other configurations that we have not yet discussed above that need to be changed.
I know for VPN, there is a setting under the ISP redundancy page in the dashboard to "apply settings to vpn", which I read would mean it overrides existing link selection settings, but I believe that's what most customers would want anyway, especially in a case like this, where the main link is a fiber 1 GB connection and the backup is only 20 MB. For DNS, I don't think they need to change the actual DNS servers, but the DNS proxy setting says it's for if you have servers that are accepting incoming connections, then it needs to be configured.
Don't worry about my certificate question, as I'm sure that does not apply to ISP redundancy. He was more asking me whether, if they use a 3rd party cert for mobile access or HTTPS inspection, that would be affected, but I'm pretty sure it would not be.
Also, for policy based routing, I do see in my lab it gives you options to set up the routes, but based on priorities and interfaces, NOT the actual ISP link, but correct me if I'm wrong, you can simply choose the interface corresponding to the ISP link to reflect that route, correct?
Again, thanks for the response!
Andy