 | You need Two Firewalls. One at each site. If these are flat subnets (meaning that there is only 1 subnet at each site and they are joined by one router via the fiber link) then you can just have weighted Static Routes for 0.0.0.0/0 on each of the two Firewalls.
Point the PRIMARY to the LOCAL ISP and the SECONDARY to the REMOTE ISP. Use an ARP query to 'check' the LOCAL 0.0.0.0 route on each firewall to ensure that the other side is 'up'. Don't check the LOCAL route by IP; you will get a false indication of 'UP' when the route fails over to the FAR ISP.
You do not need to check the REMOTE 0.0.0.0 because it is SECONDARY to the LOCAL one.
OR (better) Use BGP or OSPF to dynamically reroute if the fiber fails.
You can also Tunnel the PUBLIC interface of both Firewalls together over the INTERNET side so that you can still 'see' the other subnet even if the Fiber link is down. Be careful not to create a routing loop.
Consider Mikrotik as a vendor to do this economically.
Cheers, S |