Site to Site SSL VPN WAN Failover

Hi guys, I have a site-to-site SSL VPN connection that is working great. I have an SG105 that captures all traffic (LAN or WAN) from its clients, and forwards it on to an SG310 at our main office.

When the tunnel fails, I want devices on the SG105 to be allowed to access the internet. For example, let's say the main office burns down. I still want these devices to be able to talk out.

 

Right now, if I go to SG105-> Site to Site VPN -> SSL and hit the green toggle on/off switch, the rule shuts off and devices can talk out as desired. But if I do that on the SG310 (the SSL-VPN site-to-site server), the SG105 keeps trying to funnel traffic through the (now dead) tunnel rather than letting it talk out. 

 

When the tunnel fails, I want clients to be allowed direct internet access. Seems fairly simple conceptually.  Is it possible?



This thread was automatically locked due to age.
  • The easiest way to do this is with a RED tunnel and Multipath rules.  I don't know of a way to do this with an SSL VPN site-to-site, although an astute Linux scripter could probably craft a cron job that would disable the site-to-site if the central site couldn't be reached and then re-enable it when it could.

    Cheers - Bob
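
A sketch of the kind of cron watchdog described in the reply above, added here as an example; it is not code from the thread or from Sophos. The central-site address, the state file path and the two tunnel toggle commands are placeholders (assumptions), and the script waits for several consecutive failed or successful probes before acting so that one lost ping does not flap the tunnel.

```shell
#!/bin/sh
# Added example: site-to-site tunnel watchdog, meant to be run from cron.
# Assumptions (not from the thread): CENTRAL_IP, STATE_FILE and both *_CMD values.
CENTRAL_IP="${CENTRAL_IP:-192.0.2.1}"      # constructed address; use the central site's public WAN IP
STATE_FILE="${STATE_FILE:-/tmp/s2s_watchdog.state}"
FAIL_LIMIT=3   # consecutive failed probes before the tunnel is disabled
OK_LIMIT=5     # consecutive good probes before the tunnel is re-enabled
# Placeholders: substitute whatever your appliance uses to toggle the connection.
TUNNEL_DISABLE_CMD="${TUNNEL_DISABLE_CMD:-echo PLACEHOLDER-disable-site-to-site}"
TUNNEL_ENABLE_CMD="${TUNNEL_ENABLE_CMD:-echo PLACEHOLDER-enable-site-to-site}"

# next_state <tunnel: on|off> <streak> <probe: up|down>
# Prints "<tunnel> <streak> <action>", where action is none, disable or enable.
next_state() {
    tunnel=$1; streak=$2; probe=$3; action=none
    if [ "$tunnel" = on ]; then
        if [ "$probe" = down ]; then
            streak=$((streak + 1))
            if [ "$streak" -ge "$FAIL_LIMIT" ]; then tunnel=off; streak=0; action=disable; fi
        else streak=0; fi
    elif [ "$probe" = up ]; then
        streak=$((streak + 1))
        if [ "$streak" -ge "$OK_LIMIT" ]; then tunnel=on; streak=0; action=enable; fi
    else
        streak=0
    fi
    echo "$tunnel $streak $action"
}

# Probe the central site outside the tunnel, so it still works while the tunnel is off.
probe() { if ping -c 2 -W 2 "$CENTRAL_IP" >/dev/null 2>&1; then echo up; else echo down; fi; }

run_once() {
    if [ -r "$STATE_FILE" ]; then read -r tunnel streak < "$STATE_FILE"; else tunnel=on; streak=0; fi
    set -- $(next_state "$tunnel" "$streak" "$(probe)")
    echo "$1 $2" > "$STATE_FILE"
    case $3 in
        disable) $TUNNEL_DISABLE_CMD; logger -t s2s-watchdog "central site down, tunnel disabled" ;;
        enable)  $TUNNEL_ENABLE_CMD;  logger -t s2s-watchdog "central site back, tunnel enabled" ;;
    esac
}

# Cron entry would call: watchdog.sh run
if [ "${1:-}" = run ]; then run_once; fi
```

While the tunnel is disabled, branch clients reach the internet directly and bypass any filtering done at the central site, so the log lines are worth forwarding to whoever monitors the branch.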
