This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
D_TK
Collaborator
‎2022-06-30 10:34 AM

ISP Redundancy - monitored hosts questions

Good day everyone.

Setting up ISP redundancy in primary/backup mode for a few clusters and i'm wondering what the correct approach is for the advanced\monitored hosts config.  

primary link is a DIA circuit from AT&T , and backup link is a cable modem from comcast.  

For the monitored hosts, are these just universally reachable targets like 8.8.8.8??  Or more targeted like the AT&T DNS server for link 1 and comcast DNS server for link 2?

Appreciate any insight.

thanks.

 

 

 

0 Kudos
6 Replies
the_rock
Champion
Champion
‎2022-06-30 11:26 AM

Just use google dns, I had few customers do it and works fine. Fortinet does same thing. But yes, you could use targeted ones as well.

0 Kudos
D_TK
Collaborator
‎2022-06-30 12:08 PM
In response to the_rock

Thanks, but maybe i'm not understanding how this works.  Currently eth4 is the primary DIA link, and eth5 is the backup cable modem.  I added the cogent DNS server as the primary monitored host, and the comcast DNS server as the backup monitored host.  After pushing policy, i'm seeing the attached - ICMP requests to both of the monitored hosts sourced only from eth4.

I assumed i would see eth4 polling its monitored host, and eth5 polling comcast??   Does this seem correct?

thanks

 

 

 

 

 

Preview file
173 KB
0 Kudos
the_rock
Champion
Champion
‎2022-06-30 12:14 PM
In response to D_TK

Im pretty positive what you got is right...you wont see anything on backup link, thats totally normal. Its sort of like if you configured say bgp on a cluster, show bgp peers would only show established on master, never on backup.

Wolfgang
Mentor
Mentor
‎2022-06-30 10:57 PM
In response to D_TK

If you run ISP redundancy in LoadSharing mode both links are using their configured monitored hosts for probing. With HA it works like mentioned @the_rock .

D_TK
Collaborator
‎2022-07-01 07:54 AM
In response to Wolfgang

Gents, thanks for the help, it seems like it's working normally.  Next time i'm at that location i'll pull the cable and see if it does what it should.

 

0 Kudos
Wolfgang
Mentor
Mentor
‎2022-07-05 07:24 AM
In response to D_TK

@D_TK  With "fw isp_link <Name of ISP link> {up | down}" you can change the state of one of the ISP links to test failover.

0 Kudos