Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Eric_GvdE
Explorer

Split traffic over different ISP

Current situation:
2 Checkpoint 5600 ngtx firewalls in a HA configuration.
The 2 firewalls are both connected to an ISP in a BGP hot-standby construction. At this moment only one ISP is connected to handle all internet trafic.

Is it possible to add a second ISP to the firewalls to split the trafic into general internet trafic (i.e. browsing) and apllication specific trafic (i.e. VPN and/or other applications).

If yes, could someone tell me how?

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

In general, yes.
There are two ways to achieve it:

  • ISP Redundancy, which may not be a good fit when you're using dynamic routing.
  • Policy-Based Routing with corresponding NAT rules to ensure the outgoing traffic returns via the correct interface.

Note for VPN in particular you may need to do some additional configuration so the correct IP is used to source the VPN from the correct IP (e.g. Link Selection).

0 Kudos
Eric_GvdE
Explorer

Hi Phoneboy,

We don't want to gain redundancy, we want to increase bandwidth by adding a secondary ISP.

0 Kudos
Timothy_Hall
Legend Legend
Legend

The ISP Redundancy feature supports load sharing between ISPs.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events