

Dual Sites with separate ISPs

I'm having issues understanding a way to get around the dual-site, dual-ISP scenario with firewalls/NAT.

A couple of issues that come into play:

     - outbound - if each site were to route out of their local firewall with their local public IP, then no worries. If you have a shared public IP block between both ISPs, then traffic might route back to the other ISP and your other site, eventually hitting your other site and firewall. Without a session already created, the firewall would drop the packets.

     - inbound - how do you protect for static services such as a web server or email? If your MX record is pointing to ISP1 and ISP1 goes down, yeah, you could have another record point to your other public IP. However, many are going to have this record cached, so they will try to be going to your ISP1 public IP for your SMTP. Even if it's not cached, how will your outside DNS server or a hosted DNS solution know that site is down?

     One could argue that you could have another link between sites, where all traffic would be routed to the main firewall (unless it went down), but then you have all inbound traffic going to one site/one firewall, not to mention you have to come up with this other link between them.

Surely, there has to be a solution to this.
