Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".



How would you go about creating an FQDN address object on a SOHO250 that resolves to the active WAN Interface IP at any given time?

I am attempting to eliminate the need to create additional Site-To-Site VPN tunnels for backup purposes.

Instead the VPN tunnels will resolve to the internal FQDN address object instead of IP address.

Category: Entry Level Firewalls


  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    No need to create it, it already exists and is called "Default Active WAN IP". But it's no use to you here becase you can't use an address object in the Gateway field of a site-site policy.

    I think you need a dynamic DNS FQDN and to put that in at the other end? Just bear in mind you can have two entries for the remote gateway in a "normal" site-site VPN policy.

    Maybe post a bit more detail on what you're hoping to achieve.

  • Options
    AbouYaka90AbouYaka90 Newbie ✭

    I have a cell modem with 2 SIM cards (2 different public IPs respectively) in pass-through mode handing off WAN connectivity to the WAN port on the SonicWall. These 2 SIM cards failover when one carrier goes down. I want to create my VPN tunnel with just one FQDN pointing to this local WAN identity. I am just not sure what DNS configuration steps need to be taken on the SOHO 250 side.

  • Options
    TKWITSTKWITS Community Legend ✭✭✭✭✭

    Look into round-robin DNS A records. The exact thing you are looking for would require a load-balancer but round-robin DNS might be enough for your needs.

  • Options
    MustafaAMustafaA SonicWall Employee

    You can use Dynamic DNS feature on the firewall, which you have the 2 SIM cards. If the WAN connection fails over from IP1 to IP2 the firewall will update the Dynamic DNS record.

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    What's at the other end?

    If your Soho250 with variable IPs can be the firewall that brings up the tunnel, then just leave it as and set it up with a manual IKE ID, like you would with any other IPsec tunnel with a dynamic IP. If you can get it working like this then you don't need the extra complexity.

Sign In or Register to comment.