Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

VPN to Azure using failover WAN setup on NSA2650

Well, I've beaten myself up over this, but now I need to ask the experts.

Sonicwall NSA2650. One S2S VPN to our Azure network. Working fine with one of our WAN providers, no issues. Now we've added a 2nd WAN provider as a secondary in case the primary is down. We're not doing any load balancing, just simple probing for accessability. IF the primary fails, the secondary comes online just fine - I just cant figure out HOW to setup the S2S VPN to Azure on the secondary. If I try to create a new VPN connection using the secondary providers WAN address, the Sonicwall tells me that I cant do that since one already exists to the Azure network. The Azure VNG is not setup for active-active/passive. Do I need to? Then create a new VPN connection on the Sonicwall using the active/passive side of the Azure VNG? Thanks in Advance.

Category: Mid Range Firewalls


  • MarkDMarkD Cybersecurity Overlord ✭✭✭

    This might provide some guidance using monitor probes

    Configuring VPN Failover using Static Routes and Network Monitor Probes | SonicWall

    The tunnel interface you are probably using doesn't give the option for a secondary endpoint but azure will (the last time I set this up), so this idea uses multiple tunnels and route policies.

    Export the Azure gateway VPN config - I used the cisco (I can interpret that), the 2 VPN endpoints created in azure are within the config under


    !   + Public IP 1:     172.xx.xx.xx

    !   + Public IP 2:     172.xx.xx.xx

  • Thanks Mark.. however, I do not have active/active-passive setup on the Azure VNG. So you're saying i need to enable that on the Azure side? Currently, in the VNG config, there is only one public IP allowed.

Sign In or Register to comment.