Checkpoint Dual Wan question

[oktaym]

HI I would like to find out about how I can setup ISP failover.

We currently have a Checkpoint NG FP3 (on Win2K) setup with one ISP in Atlanta and has a VPN tunnel to our NY office. NY office has a Cisco PIX firewall.

We just got a DSL for backup and failover purpose in Atlanta.

Is it possible to setup checkpoint for failover with 2 ISPs in Atlanta, and have 2 different VPN tunnels to NY PIX???

Thanks for all your help...
Oktay

 

[Birmingham]

Hi

I dont think it should be a problem. Not sure how pix works with encryption so wondering if you might have to do some NAT somewhere so that the pix box sends the traffic back down the right tunnel.

If its not an urgent requirement I would upgrade to NGX "as latest version as you dare" first as NG FP3 was really the point when NG became usable. You might want to consider moving to SecurePlatform at the same time.

ISP redundancy is quite straightforward so configure two interfaces as external, then you can configure ISP redundancy. Verify routing and firewalling along the new tunnel eg. that your dsl router does not have any firewalling on it.