I've seen a few similar posts related to this; however, none of them quite addressed the question I have.
We have 5 sites, 1 head office and 4 branch locations. All have XG firewalls running either 17.5.12 or 17.5.13, and all have the same 2 ISPs for primary and failover connections. All sites are connected via IPSEC VPN tunnels, with ISP1 connected to ISP1 and ISP2 connected to ISP2 as a failover.
The issue we run into is that the IPSEC VPN failover groups don't have dead peer detection, and thus it doesn't trigger the failover group to flip to the next connection. The failover trigger in the VPN failover group is a ping response. The problem is that a gateway can respond to a ping but might not be passing proper traffic. We've tried the TCP port connection, however we've found that it's also not super reliable.
Anyone else run into this type of situation and/or have a similar experience?
Great feature request right here, more flexibility with the IPSEC VPN failover group tests... or just enable dead peer detection (WHY IS THIS NOT A THING ALREADY?!?).
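The post's complaint is that the failover group's ping test proves only that the peer gateway answers ICMP, not that the tunnel is forwarding traffic. Below is an added example (not the poster's code and not a Sophos feature) of the kind of check a monitoring host could run instead: it completes a TCP handshake with a host that exists only on the far side of the tunnel, and debounces the results so a single lost probe does not cause a flap. The far-side address, port and thresholds are constructed assumptions.

```python
import socket

# Constructed values (assumptions, not from the thread): a host that only exists on the
# far side of the tunnel and a TCP service it is known to answer on.
FAR_SIDE_HOST = "10.20.0.10"
FAR_SIDE_PORT = 445


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Complete a TCP handshake with a host *behind* the remote gateway.

    A reply from the gateway's own address only proves the gateway is up; a handshake
    with a LAN host on the far side proves the tunnel is forwarding traffic end to end.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class TunnelHealth:
    """Debounce probe results so one lost probe does not flip the failover decision."""

    def __init__(self, fail_threshold: int = 3, recover_threshold: int = 2) -> None:
        self.fail_threshold = fail_threshold
        self.recover_threshold = recover_threshold
        self.state = "up"
        self._streak = 0  # consecutive results that disagree with the current state

    def update(self, probe_ok: bool) -> str:
        disagrees = (self.state == "up") != probe_ok
        self._streak = self._streak + 1 if disagrees else 0
        needed = self.fail_threshold if self.state == "up" else self.recover_threshold
        if self._streak >= needed:
            self.state = "down" if self.state == "up" else "up"
            self._streak = 0
        return self.state


def evaluate(results):
    """Run a sequence of probe outcomes through the debouncer; return (final state, transitions)."""
    health = TunnelHealth()
    transitions = []
    for ok in results:
        before = health.state
        after = health.update(ok)
        if after != before:
            transitions.append(after)
    return health.state, transitions


if __name__ == "__main__":
    # Live use: probe on a timer and alert or switch tunnels only on a state transition.
    print(evaluate([tcp_probe(FAR_SIDE_HOST, FAR_SIDE_PORT) for _ in range(5)]))
```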