I'm thinking of setting up 2 nokia ip440s running checkpoint 4.1 with HA and also be our border gateways to 2 different isps and run bgp. I'm not exactly thrilled about using bgp on a firewall but it would accomplish what i want. We will have our own asn and will have a class c from one provider that our other provider will also advertise. So if the connection to provider A went down, external connections would be able to connect to the broadcasted class c thru provider B. Course for connections going outward, the firewall would be able to also detect this and go out the provider that is up. We also would have the firewall failover setup so that if one firewall went down, the other would take it's place. It's a pretty complex setup and I would be concerned with how this nokia solution would handle the traffic, firewall state, and how much bgp would affect the firewall services. Has anyone had this type of setup? And if so how did it work for you? Are there any better alternatives to this? merc - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
