Dear Experts,
I need your support on the following scenario. I have a FortiGate firewall
which is connected to 2 internet routers (Cisco routers). Now the objective
I am trying to reach is to have full redundancy in terms of internet
connection. I have thought of doing HSRP/VRRP and putting both routers on
the same subnet and using tracking IP addresses to control pre-emption;
however, this is not valid as the customer wants to keep his IP addressing
the same. Thus each router is connected to the firewall on a separate
subnet (public subnet) where the firewall is doing the PAT/NAT, etc.

The FortiGate firewall only seems to have a static route which can point to
a single next hop, and there is no tracking functionality for those static
routes. I have thought of configuring OSPF between the FortiGate and the Cisco
routers, and using default-information originate attached to a route-map on
both Cisco routers with different metrics. However, when I am using the
route-map I am trying to search for an SLA to match, because I don't want to
match the outside interface being "UP", as this doesn't mean that the internet
will be UP. Can anyone elaborate/help me find a better mechanism? So the
whole line of thought is that if the internet is available on router A, by
pinging a public DNS server for instance, I will generate this default
route into OSPF; else I will remove it and router B will be used for
internet connectivity.
Thanks
--
KJ

Blogs and organic groups at http://www.ccie.net

Received on Fri Jan 13 2012 - 20:04:43 ART
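One way to build the conditional default route the post is asking for, shown here as an added example and not as configuration from the original poster or from the CCIE list: on each Cisco router, an IP SLA probe drives a tracked static default route, and `default-information originate` (without `always`) only advertises a default into OSPF while that route is present in the RIB. The route-map on `default-information originate` is evaluated against routes in the RIB, not against SLA or track objects, which is why the tracked static route is the piece that ties the probe to the OSPF default. Interface names, the 203.0.113.x / 198.51.100.x addresses, the 8.8.8.8 probe target, the metrics 10 and 20 and the MD5 key are all assumptions made for the example; the FortiOS fragment assumes the `config router ospf` / `config area` / `config network` CLI structure.

```ios
! ===== Router A (primary ISP) =====
! ISP-facing link; the probe is sourced from here.
interface GigabitEthernet0/0
 description Link to ISP-A (assumed addressing)
 ip address 203.0.113.2 255.255.255.252
!
! Link to the FortiGate on public subnet A. OSPF on this link is
! authenticated so a host on the subnet cannot inject its own default route.
interface GigabitEthernet0/1
 description Link to FortiGate (public subnet A)
 ip address 198.51.100.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 SHARED-SECRET-EXAMPLE
!
! Reachability probe: ICMP echo to a public address every 10 s.
ip sla 1
 icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0
 frequency 10
 timeout 2000
 threshold 1000
ip sla schedule 1 life forever start-time now
!
! Track object follows probe reachability; the delays dampen flapping.
track 1 ip sla 1 reachability
 delay down 15 up 30
!
! Pin the probe target to ISP-A. Without this host route the probe could be
! answered via the OSPF default learned from Router B once ISP-A fails,
! which would make the track come back up and oscillate.
ip route 8.8.8.8 255.255.255.255 203.0.113.1
!
! The default route is installed only while track 1 is up. Because the OSPF
! process below does not use "always", losing this route withdraws the
! type-5 default from the FortiGate automatically.
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
router ospf 1
 router-id 198.51.100.1
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 198.51.100.0 0.0.0.3 area 0
 default-information originate metric 10
!
! ===== Router B (backup ISP) =====
! Identical structure with its own probe, ISP next hop and FortiGate subnet;
! only the OSPF default metric differs, so the FortiGate prefers Router A
! while both routers are originating a default.
router ospf 1
 router-id 198.51.100.5
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 198.51.100.4 0.0.0.3 area 0
 default-information originate metric 20
!
! ===== FortiGate (assumed FortiOS CLI structure) =====
! config router ospf
!     set router-id 198.51.100.2
!     config area
!         edit 0.0.0.0
!         next
!     end
!     config network
!         edit 1
!             set prefix 198.51.100.0 255.255.255.252
!             set area 0.0.0.0
!         next
!         edit 2
!             set prefix 198.51.100.4 255.255.255.252
!             set area 0.0.0.0
!         next
!     end
! end
```

Verify the behaviour on Router A with `show track 1`, `show ip route 0.0.0.0` and `show ip ospf database external`; when the probe fails the tracked default disappears from the RIB and the router stops originating the type-5 LSA, leaving only Router B's default (metric 20) in the FortiGate's routing table. Two caveats a practitioner would want: the FortiGate interface on each public subnet must carry the matching OSPF MD5 key (the exact `config ospf-interface` syntax differs between FortiOS versions), and since each router sits on a different public subnet and the firewall does PAT/NAT, a failover changes the public source address, so existing NAT sessions will break rather than migrate.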