Deepak Khemani

ISP failover and load sharing

Hi All

I have two links from two different ISPs terminating on two different routers.

I have one Checkpoint R55 software-based firewall on a Windows setup.

Both routers and the Checkpoint R55 are connected using a Cisco switch.

Each ISP has given me a /28 and /29 subnet range of public IP addresses.

Each application will have two public IPs, one from each ISP.

In DNS I have mentioned two records for each hostname.

I want to know how I can provide load-balancing and failover in case one of the ISP links goes down.

What will the IP addressing be between the two routers and the Checkpoint R55? My Checkpoint has only one WAN interface.

I don't have any routing protocols. Only static routes.

Thanks a million in advance.

Bilal Nawaz

Checkpoint R55 is pretty old, have you thought about upgrading? I'm on R76 and it's pretty awesome in how they have advanced with routing support (BGP and OSPF) and also VRRP too. Anyway, resiliency and load balancing is probably better with a later version of Checkpoint in my opinion. I think they are the superior firewalls.

You have a single point of failure in the firewall, so I would not consider failover yet until firewall resiliency is there.

If you want to load balance on your links, your orthodox failover is not normal anymore, since you will be using both links to your routers. Your failover would mean that if the path out of one ISP fails, the other is used.

You could have two default gateways on the Checkpoint. I know you can do it with the new version, not sure about the old one. Even better, you could use a routing protocol between the three with conditional default route advertisement with equal costs.

They should both be different address ranges, so return traffic is not asymmetric, so connections don't pass through the firewall.

Hope this helps.

In R55 there is no routing protocol support and also no support for NAT failover.

How can I achieve failover?

Gajendra R'

Hi Deepak,

As I understand it, two different ISPs with different routers are connected to the firewall. For load balancing you can do one thing: connect those routers to an L3 switch and then the firewall.

Create one VLAN on the switch and assign that VLAN to all three ports: Router 1, Router 2 and the port towards the firewall.

Your firewall gateway would be the VLAN SVI IP address. Configure static routes on the switch towards ISP 1 and ISP 2.

For incoming traffic you have already been given two public IP addresses, so redundancy is there already. For outgoing traffic you can use policy-based routing.

I hope it will be helpful for you.
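The L3-switch design Gajendra describes (one transit VLAN, the SVI as the firewall's gateway, static routes to both ISPs, policy-based routing for outbound) and Bilal's point about keeping return traffic symmetric can be put together in a single switch configuration. The following is an added example and is not code from anyone in this thread; it assumes a Cisco IOS L3 switch with CEF, IP SLA and PBR support (on fixed-configuration Catalyst platforms PBR may need a routing SDM template), and all addresses are constructed from the RFC 5737 documentation ranges: 203.0.113.0/28 stands in for ISP1's /28 (ISP1 router on .1) and 198.51.100.0/29 for ISP2's /29 (ISP2 router on .1); interface names are assumptions.

```cisco
! Added example, not from the thread. Constructed addressing:
!   203.0.113.0/28  = ISP1 /28, ISP1 router LAN side on .1
!   198.51.100.0/29 = ISP2 /29, ISP2 router LAN side on .1
!   SVI holds .2 in each range; the firewall's single WAN interface holds .3 in each
!   range (secondary address on the Windows NIC) and uses 203.0.113.2 as its gateway.
ip routing
ip cef
!
vlan 10
 name ISP-TRANSIT
!
! Both ISP routers and the firewall WAN port share the transit VLAN (one L2 domain).
interface GigabitEthernet1/0/1
 description ISP1-router
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/2
 description ISP2-router
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/3
 description Checkpoint-R55-WAN
 switchport mode access
 switchport access vlan 10
!
! Reachability probes toward each ISP router; a failed probe withdraws that
! router's tracked default route and PBR next hop.
ip sla 1
 icmp-echo 203.0.113.1 source-interface Vlan10
 frequency 10
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 198.51.100.1 source-interface Vlan10
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
!
! Outbound policy: packets sourced from an ISP's own range leave via that ISP's
! router, so the return path is symmetric and the stateful firewall sees both
! directions of every connection (Bilal's asymmetry concern).
access-list 11 permit 203.0.113.0 0.0.0.15
access-list 12 permit 198.51.100.0 0.0.0.7
!
route-map ISP-OUT permit 10
 match ip address 11
 set ip next-hop verify-availability 203.0.113.1 10 track 1
route-map ISP-OUT permit 20
 match ip address 12
 set ip next-hop verify-availability 198.51.100.1 10 track 2
!
interface Vlan10
 description Firewall default gateway, both public ranges
 ip address 203.0.113.2 255.255.255.240
 ip address 198.51.100.2 255.255.255.248 secondary
 ip policy route-map ISP-OUT
!
! Two tracked default routes: equal cost while both probes succeed (per-destination
! load sharing for traffic PBR does not match); when one ISP router stops answering,
! its route is withdrawn and PBR falls through to the surviving default route.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
ip route 0.0.0.0 0.0.0.0 198.51.100.1 track 2
```

Two caveats before relying on this. First, probing the ISP router's LAN interface detects only a dead router, not a dead upstream link; to catch the link itself, probe an address beyond the ISP (for example the ISP's far-side interface) and pin that probe target to the right router with a host static route, otherwise the probe may succeed through the other ISP. Second, this gives routing failover but not NAT failover: if the firewall hides outbound sessions behind 203.0.113.3 and ISP1 fails, the surviving default route sends those packets out via ISP2 with an ISP1 source address, which ISP2 may filter and whose replies would return over the failed link. Genuine outbound failover therefore still needs the firewall to switch its NAT address when a link fails, which Deepak notes R55 cannot do; inbound failover works only to the extent clients honour the second DNS record.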