Re: Recomendation for multiple inbound T-1 protection

From: Hi (
Date: 03/14/03

From: "Hi" <>
Date: Fri, 14 Mar 2003 20:50:37 +0000

On Fri, 14 Mar 2003 10:57:52 -0600, J. Bryan Wehrenberg wrote:

I'm looking at the StoneGate VPN firewall for a similar setup -

It provides active-active failover & load balancing of clustered firewalls
and multiple ISPs links. Both inbound & outbound traffic and VPN traffic
transparently failover transparently without the need for manual restarts
or additional third party software. Looks very nice, but I'm just at the
prelimanry stages. The prospect of mult ISP failover without resorting to
additional kit or BGP appeals ;-)

Feedback from anyone who has any experience with StoneGate in particular,
or StoneSoft products in
general, would be appreciated. All responses to the group please.



> I am setting up a firewall to protect my network of about 100 machines,
> which includes an email server, web server, 2 DNS servers and about 90
> client machines. I want to allow inbound service to the email/web/dns
> services and allow all the normal outbound services for the client machines
> (web, FTP, etc.)
> So far I've looked pretty hard at the Firebox 2500 and the Sonicwall Pro 230
> and 300. They seem to do the job I need.
> However, I have two T-1's connected to my network. One is used for almost
> all the traffic and another, from a different vendor with an entirely
> different subnet, is used as a backup. Each of my servers has dual NIC's,
> one setup for one T-1's subnet and the other setup for the other T-1's
> subnet and I have DNS setup to switch to the backup should the primary fail.
> What I want know is will I need two seperate firewalls for each T-1's subnet
> or is there a product that can handle both? I would also like to use NAT
> for the servers and keep my existing IP assignment for each of them (IP and
> Port forwarding?)
> I've read a few books on the subject so I now know enough to make myself
> dangerous. Any help would be greatly appreciated.
> Any suggestions?
> Thanks,
> J. Bryan Wehrenberg, HCSS IT Mgr