Currently, we have deployed a ClusterXL gateway managed by a management server protecting a handful of servers and users through our service provider. Through that service provider we have a /27 that we use to hide NAT various networks and static/hide NAT various servers for both inbound and outbound services. For network redundancy, we will soon be setting up a secondary internet connection through a different provider which will also be providing a /27. I have been looking at using ISP Redundancy to manage the two connections, but this presents some problems with how it's setup and the restrictions on using advanced routing with ISP Redundancy enabled.

With that in mind, I am now considering standing up another firewall that will handle the routing and NAT for the second service provider and just worry about switching our internal default gateway to the other firewall in the event of a failure with the first service provider.

Now, my question is, what is wrong with taking that approach? Is there a problem with duplicating the configuration, NAT rules, subnets, etc. to support another firewall and service provider to protect the same resources? Maybe there is a better way to go about this that I might be missing?

Thanks for any help!