Our Network Engineer left us in the middle of a DR implementation, so excuse my lack of knowledge here.
We have four UTMs. Our main office also has a SUM (I believe that's what it's called). If our main office disappears or goes offline we need to manually initiate the VPN failover. I've been instructed that we don't want this to automatically occur.
1) If the main office is not reachable, could I hypothetically switch the remote UTMs to point back to our biggest regional office? The biggest regional office is going to serve as our headquarters should the main office go offline for an extended period of time.
2) My idea, which I'm not sure is even feasible, is to just configure Site-to-Site VPNs using IPsec similar to how they connect to our main office and then just enable them when a disaster has been formally declared and our DR plan is being implemented. Basically just going to mirror the current config on the secondary location's UTM (changing IPs and stuff), and then add those gateways and connections on the other UTMs.
So, really just a hypothetical/feasibility question before I dig into the technical aspects of making this work. It almost seems too easy, like I'm missing something here. I know one hurdle would be connecting to the remote sites if the VPN to the main office is down, but we could still get into the UTMs or a PC on site via the internet. My other question is: if the SUM is not reachable, is that going to create issues?
Thanks,
Greg