Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Garrett_DirSec
Advisor

fault tolerance recommendation for communication to trading service through CP cluster

Hello - working with local CP engineer on topic but figured I'd post to community as well for recommendations and insight.

existing CP customer with perimeter cluster has requirement to setup fault tolerant configuration for communication to off-site trading application/site.

The preferred communication method is IPsec VPN to trading app/site.   Assume 3rd party (not Checkpoint gateway).

The topics being discussed include (but not all inclusive):

  1. Two internet connections to CP customer datacenter.
  2. unsure if trading site has two separate ISP connections.
  3. relevant traffic would be OUTBOUND only from CP customer.
  4. access to remote Trading App/site should survive loss of ONE ISP circuits for CP customer.
  5. open to any combination of ISP Redundancy and/or Dynamic routing.
  6. only makes sense to have TWO (or FOUR) established site-to-site IPSEC connections, both using different ISP circuits on each end of connection (CP customer and remote trading app/site).

Note:  I say "fault tolerance" instead of High Availablity because access to remote trading app/site should NOT be affect by loss of any individual circuit, VPN link, or node of gateway.

Any thoughts and/or recommendations would be appreciated.

Thanks

 

 

 

 

0 Kudos
0 Replies