| Question |
| How can we achieve redundany at ISP level? |
| |
| Answer |
| We can achieve ISP redundancy through two modes viz Active active and Load sharing |
| |
| Question |
| How to create a TFTP server on checkpoint ? |
| Answer |
| |
| This topic is not related to ISP redundancy, it is a different topic. |
|
| Question |
| What are the prerequisites for ISP redundancy ? |
| Answer |
| The pre requisites for ISP redundancy are: There should be different broadcast domains. you need to decide that you have to run the ISP redundancy in active active or active standby mode. you may also decide whether you want to monitor the next hop or not, by default firewall monitors the next hop.The port should be up for all the connected interfaces. |
|
| Question |
| If customer decide to have only one broadcast domain, then how we can manage redundancy, what is the alternate solution. |
| Answer |
| Since you have only one broadcast domain that itself means there is a single ISP so there does not arise a need for redundancy. |
| |
| Question |
| |
| Can we configure PBR on GAIA to achive ISP redundancy..coz i dont find any document for that |
| Answer |
| |
| Yes we can configure PBR but either we can configure PBR or ISP Redundancy both will not work together. |
| |
| Question |
| |
| How to configure HSRP and Checkpoint propitiatory protocol for redundancy Please send the configuration details ? |
| |
| Answer |
| |
| They both Protocols works and support on their own devices and do not work together to achive the ISP Redundancy. |
| |
| Question |
| If My Internal traffic is coming on checkpoint which is in Active/Active mode how can we loadbalace traffic between 2 ISP? what are the thing we need to confiure on checkpoint ? |
| Answer |
| While configuring ISP Redudancy and you configured Active/Active , so it’s mean by default Multicast ClusterXL is configured and then there is an option in ISP Redudancy to configure WEIGHT. Based on requirement you can increase the WEIGHT. |
| |
| Question |
| Also when traffic from outside region coming to my firewall on Active/Active mode how can we inform ISP to send interesting traffic.I mean trrafic A should come via ISP 1 and Traffic B shols come via ISP 2. In short , How can we influence incoming traffic ? |
| Answer |
| So there is no need to inform ISP-end to send the traffic on which Internet link. So you have to configure DNS ( Inbuild in Firewall ) to achive Inbound connection. |
| |
| Question |
| |
| If I am increasing the weight for ISP1 link the will the second link be used ? or we also need to do routing on checkoint to send traffic to ISP1 and 2? |
| |
| Answer |
| Yes it will be in used because you have not send all traffic to ISP-1. Secondly You have to do the rounting only for 1 ISP-1 another will automatic update VIA cpisp_update file. |
| |
| Question |
| |
| In switch two ISP with pbr May show the internet bandwidth. In Checkpoint any performance degrade if we configure PBR, because we need source base routing, If any other solution have please share. |
| |
| Answer |
| There is no issue with Check point Firewall degrade if we use PBR. |
