hi,
Please help me if you can:
Situation:
HA clusted with 310 xg firewall, working well, connection SSL vpn also works but suddenly performs bad.
Check:
The client xml configuration file contains all ip addresses that the xg firewall has assigned. Including private and backup IPs. It looks like this:
ip-win32 dynamic
client
dev tun
proto tcp
verify-x509-name "C=GB, ST=Oxfordshire, L=Abingdon, O=Sophos, OU=OU, CN=SophosApplianceCertificate_C320787BCQM8H94, emailAddress=support@sophos.com"
route remote_host 255.255.255.255 net_gateway
resolv-retry infinite
nobind
persist-key
persist-tun
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
</cert>
<key>
-----END RSA PRIVATE KEY-----
</key>
auth-user-pass
cipher AES-128-CBC
auth SHA256
comp-lzo no
route-delay 4
verb 3
reneg-sec 0
remote 172.16.16.16 8443
remote 84.x.x.x 8443
remote 141.x.x.x 8443
remote 10.x.x.x 8443
remote 192.x.x.x 8443
remote 10.x.x.x 8443
remote 192.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
remote 10.x.x.x 8443
-- the problem is that the public ip is listed underneath the private one
-- the problem is also that the backup WAN is before the Main WAN and so connection is made through slow connection
Cause:
* it can take a a long time before connection is made, because the list is worked top to bottom and if the public WAN interface is in the bottom, all others are trief before.
Questions:
- Where is defined in the XG what IP address to connect to first?
- how to solve
This thread was automatically locked due to age.
