I’m in doubt about applying a VSX cluster and Virtual Systems (VSs) in the case of internet access over two ISP providers. I have two internet links from two different ISP providers and two public DMZ subnets from every provider. The picture below shows the connections between the equipment and the two providers.
I have a plan to change two firewalls (FW01 and FW02) with two Check Point 5600 appliances configured in a Load Sharing (VSLS) VSX cluster. On the cluster two VSs will be configured, one VS for every ISP provider. On each VS the OSPF routing protocol will be used for routing to the inside network, and a default route on each VS for routing to the internet. Also, on each VS the following blades will be enabled: Firewall, Identity Awareness, Mobile Access, IPS, Application Control, URL Filtering, Anti-Virus, Anti-Bot, Anti-Spam, and Content Awareness. Does anyone have experience with applying CP in this configuration? Any suggestions are welcome.