This is somewhat off the topic of firewalls, but since this material
may refer to Internet connections as well, here goes....
If you've really got mission critical WAN connections, what you can do is to
set up redundant and diverse WAN connections to begin with.
That is, have two T-1s (or fraction thereof). If possible, have them
leave your premises by different physical routes to avoid backhoes.
The T-1's should then go to different POPS (Points Of Presence) for your
WAN carrier (who said this was cheap?).
In some cases, you may even want to use different carriers (AT&T, Sprint,
MCI, LCI, WilTel, whoever).
Consider whether or not the high latency of Satellite connections will work
with your set of applications. Typical latency within the US ranges from 30 ms to 300 ms. Satellite latency starts at about 700 ms and goes up from there.
Use different routers to connect to each WAN connection. If you have a large
or widely spread campus or interconnected sites, you may even want the
routers and connections in different buildings.
Size each pipe capable of carrying all your traffic with some overhead allowed
for. Then set the routing costs to make one preferred for IP traffic, and the
other for IPX/AT/XNS/OSI/DECNET or whatever protocol mix you run.
Hope this helps,