This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Joe_Kanaszka
Advisor
Monday
Jump to solution

Small 25 person branch office - Do I need a seperate ISP router?

Hi all - 

 

We have a small 25 person branch office with extremely basic routing needs.  We are currently running on a pair of 5100 Security Gateways configured in a  cluster.   We will be migrating to a pair of 9100s next month.

Wecurrently have a seperate router that is used for our "Active" ISP connection.  Our "Standby" connection terminates directly into the security gateway and the Check Point acts as a router for this ISP.

For a company our size, do we need a seperate ISP router?  When we do our migration to the new 9100s next month, I was considering getting rid oof the router and just plugging the circuit directly into the "External" interface of the 9100.  

0 Kudos
2 Solutions

Accepted Solutions
Lesley
MVP Gold
MVP Gold
Monday
Jump to solution

Does this router do anything special a firewall cannot do or in a limited way? Think of OSPF, BGP

A router is never a firewall and other way around. If nothing special is configured on the router just move the external link directly on the fw. And get rid of the router/ 

You can also ask the ISP if they support this, if you are running a router owned by the ISP. 

-------
Please press "Accept as Solution" if my post solved it 🙂

View solution in original post

(1)
the_rock
MVP Gold
MVP Gold
Monday
Jump to solution

Hey brother,

If customer asked me this question, I would literally say this "No, you dont need separate router, save your money and buy something you do need" : - )

You are welcome 😊

Best,

Andy

View solution in original post

(1)
9 Replies
Lesley
MVP Gold
MVP Gold
Monday
Jump to solution

Does this router do anything special a firewall cannot do or in a limited way? Think of OSPF, BGP

A router is never a firewall and other way around. If nothing special is configured on the router just move the external link directly on the fw. And get rid of the router/ 

You can also ask the ISP if they support this, if you are running a router owned by the ISP. 

-------
Please press "Accept as Solution" if my post solved it 🙂
(1)
Joe_Kanaszka
Advisor
Monday
In response to Lesley
Jump to solution

Router does not do anyting special.  Thank you!

Bob_Zimmerman
MVP Gold
MVP Gold
Monday
In response to Lesley
Jump to solution

Routers are also useful if you need to terminate exotic link types. For example, Check Point doesn't offer line cards to handle a T3 or SONET/SDH. These connections are increasingly rare outside telcos, but I do still encounter them from time to time.

Just bear in mind that when a cluster member is down, the other member probably won't be able to use anything directly connected to the down member. Thus, an Internet switch is usually very worthwhile.

0 Kudos
the_rock
MVP Gold
MVP Gold
Monday
Jump to solution

Hey brother,

If customer asked me this question, I would literally say this "No, you dont need separate router, save your money and buy something you do need" : - )

You are welcome 😊

Best,

Andy

(1)
Joe_Kanaszka
Advisor
Monday
In response to the_rock
Jump to solution

Thank you Andy!

0 Kudos
the_rock
MVP Gold
MVP Gold
Monday
In response to Joe_Kanaszka
Jump to solution

FYFOC 😊

the_rock
MVP Gold
MVP Gold
Monday
In response to the_rock
Jump to solution

@Joe_Kanaszka Maybe not widely known that means "for you, free of charge" : - )

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
Monday
Jump to solution

Is the router also providing the L2/switch connectivity needed for the cluster to function or is that separate in your case?

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Gold
MVP Gold
Monday
Jump to solution

Btw Joe, here is what AI states the reason to get rid of router, all valid points in my opinion. On a side note, EXCELLENT choice for 9100, those are amazing.

Andy

**************************************

Reasons to Eliminate the Separate ISP Router

  1. Simplified Network Architecture:

    • Fewer devices mean easier management and troubleshooting.
    • Reduces potential points of failure.

  2. Check Point 9100 Capabilities:

    • These appliances are fully capable of handling basic routing functions, including static routes, policy-based routing, and ISP redundancy.
    • They support multiple WAN interfaces and can manage failover between ISPs.

  3. Cost Savings:

    • Removing the router saves on hardware, power, and potential support contracts.

  4. ISP Redundancy Features:

    • Check Point’s ISP Redundancy feature allows you to configure both Active and Standby ISP links directly on the gateway.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events