This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_TK
Advisor
‎2022-06-30 10:34 AM

ISP Redundancy - monitored hosts questions

Good day everyone.

Setting up ISP redundancy in primary/backup mode for a few clusters and i'm wondering what the correct approach is for the advanced\monitored hosts config.  

primary link is a DIA circuit from AT&T , and backup link is a cable modem from comcast.  

For the monitored hosts, are these just universally reachable targets like 8.8.8.8??  Or more targeted like the AT&T DNS server for link 1 and comcast DNS server for link 2?

Appreciate any insight.

thanks.

 

 

 

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2022-06-30 11:26 AM

Just use google dns, I had few customers do it and works fine. Fortinet does same thing. But yes, you could use targeted ones as well.

0 Kudos
D_TK
Advisor
‎2022-06-30 12:08 PM
In response to the_rock

Thanks, but maybe i'm not understanding how this works.  Currently eth4 is the primary DIA link, and eth5 is the backup cable modem.  I added the cogent DNS server as the primary monitored host, and the comcast DNS server as the backup monitored host.  After pushing policy, i'm seeing the attached - ICMP requests to both of the monitored hosts sourced only from eth4.

I assumed i would see eth4 polling its monitored host, and eth5 polling comcast??   Does this seem correct?

thanks

 

 

 

 

 

Preview file
173 KB
0 Kudos
the_rock
Legend
Legend
‎2022-06-30 12:14 PM
In response to D_TK

Im pretty positive what you got is right...you wont see anything on backup link, thats totally normal. Its sort of like if you configured say bgp on a cluster, show bgp peers would only show established on master, never on backup.

Wolfgang
Authority
Authority
‎2022-06-30 10:57 PM
In response to D_TK

If you run ISP redundancy in LoadSharing mode both links are using their configured monitored hosts for probing. With HA it works like mentioned @the_rock .

D_TK
Advisor
‎2022-07-01 07:54 AM
In response to Wolfgang

Gents, thanks for the help, it seems like it's working normally.  Next time i'm at that location i'll pull the cable and see if it does what it should.

 

0 Kudos
Wolfgang
Authority
Authority
‎2022-07-05 07:24 AM
In response to D_TK

@D_TK  With "fw isp_link <Name of ISP link> {up | down}" you can change the state of one of the ISP links to test failover.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 07 Oct 2025 @ 09:30 AM (CEST)

    CheckMates Live Denmark!
    CheckMates Events