Create a Post
Showing results for 
Search instead for 
Did you mean: 

Split traffic over different ISP

Current situation:
2 Checkpoint 5600 ngtx firewalls in a HA configuration.
The 2 firewalls are both connected to an ISP in a BGP hot-standby construction. At this moment only one ISP is connected to handle all internet trafic.

Is it possible to add a second ISP to the firewalls to split the trafic into general internet trafic (i.e. browsing) and apllication specific trafic (i.e. VPN and/or other applications).

If yes, could someone tell me how?

0 Kudos
3 Replies

In general, yes.
There are two ways to achieve it:

  • ISP Redundancy, which may not be a good fit when you're using dynamic routing.
  • Policy-Based Routing with corresponding NAT rules to ensure the outgoing traffic returns via the correct interface.

Note for VPN in particular you may need to do some additional configuration so the correct IP is used to source the VPN from the correct IP (e.g. Link Selection).

0 Kudos

Hi Phoneboy,

We don't want to gain redundancy, we want to increase bandwidth by adding a secondary ISP.

0 Kudos
Legend Legend

The ISP Redundancy feature supports load sharing between ISPs.

Gateway Performance Optimization R81.20 Course
now available at
0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events