Two WAN connections - Single SSL certificate?
I have a TZ350 which has two WAN connections. We'll say that AT&T service has an external IP address of 220.127.116.11 and spectrum has an external IP address of 18.104.22.168. Through my DNS provider, I have assigned an A record for ATT.mydomain.com which points to 22.214.171.124 and another A record for SPECTRUM.mydomain.com which points to 126.96.36.199
Since the connections are comparable in speed, I'd like for the end users to be able to use either one when using SSL VPN. As it is now, I have installed a sectigo essential ssl certificate for att.mydomain.com and it's working properly. However, users who access the SSLVPN through spectrum.mydomain.com naturally get certificate errors.
What is the preferred way to install a single certificate onto the TZ350 which would apply to both WAN connections?
BWC Cybersecurity Overlord ✭✭✭
I strongly advise against the single DNS record for both lines, because it's somewhat unpredictable on which line the user will end. And in case that one line goes down the users will probably end up in not having a chance to connect because their is no failover on the other line.
I suggest to get a SAN certificate from Sectigo covering both names or if you don't wanna spend that money create your own CA and issue any cert you want. Make sure the user devices trust this CA which is fine for corporate devices.
Thank you for visiting SonicWall Community.
The best way to achieve your requirement of using a single SSL certificate for two WAN connections is to use one domain name (ATT.mydomain.com or SPECTRUM.mydomain.com) and map both the WAN IP addresses (188.8.131.52 and 184.108.40.206) to the specific one domain name.
Let us know if any questions.
Technical Support Advisor - Premier Services
Thanks for the comments. I was able to solve this by (1) creating a wildcard CSR from one of my appliances (*.mydomain.com). (2) Purchase a wildcard certificate from Sectigo. (3) import the certificate into the appliance that created the CSR.