Split traffic over different ISP

Eric_GvdE · ‎2021-03-25

Current situation:
2 Checkpoint 5600 ngtx firewalls in a HA configuration.
The 2 firewalls are both connected to an ISP in a BGP hot-standby construction. At this moment only one ISP is connected to handle all internet trafic.

Is it possible to add a second ISP to the firewalls to split the trafic into general internet trafic (i.e. browsing) and apllication specific trafic (i.e. VPN and/or other applications).

If yes, could someone tell me how?

PhoneBoy · ‎2021-03-25

In general, yes.
There are two ways to achieve it:

ISP Redundancy, which may not be a good fit when you're using dynamic routing.
Policy-Based Routing with corresponding NAT rules to ensure the outgoing traffic returns via the correct interface.

Note for VPN in particular you may need to do some additional configuration so the correct IP is used to source the VPN from the correct IP (e.g. Link Selection).

Eric_GvdE · ‎2021-03-31

Hi Phoneboy,

We don't want to gain redundancy, we want to increase bandwidth by adding a secondary ISP.

Timothy_Hall · ‎2021-03-31

The ISP Redundancy feature supports load sharing between ISPs.

Attend my Gateway Performance Optimization R81.20 course
CET (Europe) Timezone Course Scheduled for July 1-2

Are you a member of CheckMates?

Split traffic over different ISP