I am looking for the most optimal way of providing redundancy from a firewall out to the internet. I have a non-Cisco firewall (Checkpoint) that does not support BGP. In front of the firewall, there are two Cisco routers running BGP which are connected to different providers (pulling default routes only).
My plan is to provide redundancy to the internet as there are nearly 100 VPNs connected to the firewall. My first thought was to use GLBP to load-balance the traffic from the firewall to each of the routers. While I don't see any issues getting this to work, I do have some concerns about how this will work.
The number one question is that since nearly all of the traffic from the firewall will be coming from a single IP & MAC address, does this mean that GLBP will direct all the traffic to a single forwarder (i.e., GLBP looks at the firewall as a single host and tells this single host that its gateway's MAC is xxx, negating load-balancing)?
I hope that I am clarifying this enough. The goal here is to have the firewall send traffic out equally between both routers. I understand that my inbound traffic is a whole different issue with regards to BGP (and I am negating that conversation right now).