I'm sure my questions have probably been asked before... but after searching post for more than an hour, I gave up...
We have two ASG 220's - configured as an H/A (active/passive). We're in the process of migrating to the ASG 220's from a Novell BorderManager firewall.
We also have two (2) ISPs- a legacy T1 that we've been using for years and the other a new 10MB commercial cable link. It's our goal to use both ISP links for load balancing and fail-over of both inbound & outbound traffic.
Both ISP's have assigned us blocks of public IP addresses. Currently our webservers and mail server domain names are registered with corresponding public IP addresses from our T1 provider.
The webservers are in a DMZ on the BM server (it's multi-homed w/4 NICs) - using NAT to correlate the public and private IP addresses. So we'll be moving them to the DMZ on the ASG 220's...
From an outbound perspective - we'd like to load balance and fail-over between the WAN links.
Likewise, we'd like to either load-balance incoming traffic in some manner - or at least fail-over to the other WAN link if the primary link fails.
Which leads me to my question - how do we handle public DNS entries for our webservers and mail server - so that if a link from one ISP goes down - all the incoming traffic is routed to the alternative ISP's link and IP addresses?
Admittedly, I'm a bit out of my league here... I've looked at Dynamic DNS, round-robin DNS, etc.
I guess I'm curious as to how to detect a failed WAN link and then update the public DNS entries dynamically when a link fails (and therefor the DNS enteries become invalid) - to force incoming traffic to the alternate ISP's IP address.
This thread was automatically locked due to age.
