IPSec VPN tunnel with backup Route

XG in Branch and UTM in HQ. 

XG has two interfaces, UTM one? 

In this case, use the failover groups:

https://community.sophos.com/kb/en-us/123305

XG in Branch and UTM in HQ. 

XG has two interfaces, UTM one? 

In this case, use the failover groups:

https://community.sophos.com/kb/en-us/123305

Is it possible to do an active/active IPSec over two WAN links for Branch and HQ ?

As far as i know, this is not possible. 

Most of the time, this will not archive the expected solution. I only can think of a active / active solution without a link combination. So basically it will only attach the connections to one of both tunnels. 

You could try to archive such a construct, never have tried it before. 

Sorry for late answer.

We tried following that articel and figured out one different prerequisit.

We have only one interface on the Sophos available that is connected via 2 ISPs.

So the transfer net between Sophos and the 2 Internet routers is like this:

Sophos ext interface is 10.10.10.10/24

ISP1 internal is 10.10.10.1 and

ISP1 internal is 10.10.10.2.

Both connected to the same Sophos port.

Any idea how to deal with this?