Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

VPN Bound to Interface X7 / Failover

Hi,

we has two different connections to internet

1xhighend Connection (Interface X7)

1xConsumer Connection (Interface X1)

We have enabled load balancing. Primary connection is X1. We will route all VPN access to the another branch over the highend connection (X7). Now we have bound the VPN over the setting " VPN Policy bound to" to interface X7.

But when the connection on X7 has an error, no automatically failover happens to the interface X1 for VPN. How we can solve this?

Category: Mid Range Firewalls
Reply
Tagged:

Answers

  • Hello @Auer,

    Welcome to SonicWall community.

    When you use the bound to option on the interface, automatic failover to other interfaces will not take place.

    Please try the following procedure.

    1) Bind the VPN to zone WAN

    2) On the remote end use X7 IP as the primary peer address and X1 as the secondary peer address

    3) Make this end as the responder and the remote side as the initiator.

    With this in place, the remote end will form the VPN using the X7 WAN and in case it goes down, X1 WAN will be used to re-negotiate the VPN. You can also use DPDs over VPN for checking peer status.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Auer

    we don't know what kind of VPN endpoint is on the remote side, is it a SonicWall as well? In that case I would definitly go for Tunnel Interface and define two Tunnels one on X7 and the other on X1, Routing with a better metric primarily over X7 and secondarily over X1. That's clear and simple and IMHO my preferred way over Site-2-Site Connections bound to WAN zone.

    I you let us know what's on the remote side (equipment-wise), maybe I can give better advice.

    --Michael@BWC

  • AuerAuer Newbie ✭

    Hi,


    we has in the another branches also sonicwall firewalls.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Auer

    then Tunnel Interface it is - in my opinion - your mileage may vary. With the policy based routing over the two VPN connections you can control your traffic very granular.

    It's clean and simple, but you need two VPN connections instead of just one. Maybe that's an issue if you have your licensed connections already exhausted. And it's a little bit more work to setup, but after that nice'n easy.

    --Michael@BWC

  • AuerAuer Newbie ✭

    Ok. Thank you. I will try.

Sign In or Register to comment.