Hi guys. We have 2 Check Point firewalls with redundant ISP links in one of our offices and we are trying to find ways of routing traffic to local websites over a specific ISP link, rather than routing it via the default route.
Policy-based routing is not possible due to incompatibilities with features that we have enabled on the firewalls. My colleague has suggested adding a new router between the firewall and one of the existing ISP routers and forwarding traffic this way:
[All traffic] FW > New Router > Existing ISP router > internet
[Local traffic] FW > New Router > Other ISP router > internet
So, essentially, all traffic will ultimately be routed by the new router and not the firewall. To my knowledge, this isn't a good idea, due to double NAT in particular, and it seems a bit much to do this just to route traffic for a few websites.
Am I right or wrong? It's not something I've done before, so I am keen to hear what more experienced people have to say!
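The colleague's proposal amounts to giving the intermediate router a plain destination-based routing table: a handful of specific prefixes for the "local" websites pointing at the second ISP router, and a default route pointing at the first. The following Python is an added illustration of that lookup (longest-prefix match with a default route); it is not code from the original post. All prefixes are constructed from the RFC 5737 documentation ranges and the next-hop names `isp1-router` / `isp2-router` are assumed labels, not the office's real addresses.

```python
"""Longest-prefix-match routing decision for a router with two uplinks.

Added illustration, not from the original post: models the static routing
table the proposed intermediate router would hold. All prefixes and
next-hop labels below are constructed; real values depend on which sites
count as "local" and on the ISP routers' addresses.
"""
import ipaddress

# Constructed routing table: destination prefix -> next-hop label.
# Specific "local website" prefixes point at the second ISP router; the
# default route carries everything else to the primary ISP router. The
# /25 entry is a more-specific exception included to show that the most
# specific matching prefix wins.
ROUTES = {
    "0.0.0.0/0": "isp1-router",          # default route (assumed next hop)
    "203.0.113.0/24": "isp2-router",     # constructed "local website" prefix
    "198.51.100.0/24": "isp2-router",    # constructed "local website" prefix
    "198.51.100.128/25": "isp1-router",  # constructed more-specific exception
}


def build_table(routes):
    """Parse each prefix once and sort by descending prefix length, so a
    linear scan returns the longest (most specific) match first."""
    parsed = [(ipaddress.ip_network(p, strict=True), nh) for p, nh in routes.items()]
    return sorted(parsed, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, dst):
    """Return the next hop for dst by longest-prefix match, or None when no
    entry covers it (cannot happen here because a default route exists)."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop in table:
        if addr in net:
            return next_hop
    return None


def route_all(table, dsts):
    """Map each destination address to the next hop the table selects."""
    return {d: lookup(table, d) for d in dsts}


TABLE = build_table(ROUTES)

if __name__ == "__main__":
    # Constructed sample destinations: two "local" sites, one address that
    # falls in the more-specific exception, and one arbitrary internet host.
    sample = ["203.0.113.10", "198.51.100.20", "198.51.100.200", "192.0.2.1"]
    for dst, next_hop in route_all(TABLE, sample).items():
        print(f"{dst:>16} -> {next_hop}")
```

The decision here depends only on the destination address, which is what separates this design from the policy-based routing the post rules out; the example says nothing about where address translation happens, which is a separate configuration question.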