Hello - working with local CP engineer on topic but figured I'd post to community as well for recommendations and insight.
Existing CP customer with perimeter cluster has requirement to set up fault tolerant configuration for communication to off-site trading application/site.
The preferred communication method is IPsec VPN to trading app/site. Assume 3rd party (not Check Point gateway).
The topics being discussed include (but not all inclusive):
- Two internet connections to CP customer datacenter.
- Unsure if trading site has two separate ISP connections.
- Relevant traffic would be OUTBOUND only from CP customer.
- Access to remote Trading App/site should survive loss of ONE ISP circuit for CP customer.
- Open to any combination of ISP Redundancy and/or Dynamic routing.
- Only makes sense to have TWO (or FOUR) established site-to-site IPsec connections, both using different ISP circuits on each end of connection (CP customer and remote trading app/site).
Note: I say "fault tolerance" instead of High Availability because access to remote trading app/site should NOT be affected by loss of any individual circuit, VPN link, or node of gateway.
Any thoughts and/or recommendations would be appreciated.
Thanks