Site to Site SSL VPN WAN Failover

Hi guys, I have a site-to-site SSL VPN connection that is working great. I have an SG105 that captures all traffic (LAN or WAN) from its clients and forwards it on to an SG310 at our main office.

When the tunnel fails, I want devices on the SG105 to be allowed to access the internet. For example, let's say the main office burns down. I still want these devices to be able to talk out.

 

Right now, if I go to SG105-> Site to Site VPN -> SSL and hit the green toggle on/off switch, the rule shuts off and devices can talk out as desired. But if I do that on the SG310 (the SSL-VPN site-to-site server), the SG105 keeps trying to funnel traffic through the (now dead) tunnel rather than letting it talk out. 

 

When the tunnel fails, I want clients to be allowed direct internet access. Seems fairly simple conceptually.  Is it possible?



  • A RED tunnel with Uplink Balancing is indeed the way to go.  Note that your approach with External in Standby might work if this UTM were the Server side of the tunnel.  I would use a Multipath rule with both in Active instead: Bind 'Any -> Any -> Any' to the RED tunnel.

    Cheers - Bob