We'd love to hear about it! Click here to go to the product suggestion community
I would like to know if it is possible to create in Sophos UTM 9 2 VPN IP Sec that work like Fail Over, for example:
Site A ------ IP SEC 1 .------- Site BSite A ------ IP SEC 2 ------- Site C
Case 1: If IP SEC 1 falls, IP SEC 2 rises.Case 2: If IP SEC 2 falls, IP SEC 1 rises
Site A:It only has 1 WAN
Hi gerardo josic rodriguez paredes
On Site A you can create an Availability Group under Definitions & Users > Network Definition > Availability Group and add the IP addresses of Site B and C (in the order you want the VPN to try). You then add that Availability Group under "Gateway" in the Remote Gateway configuration.
Are Sites B and C two different sites or are they 2 different ISP's from the same site?
If the latter, on that Site you will need to select Uplink Interfaces for the local interface in the IPsec Connections configuration. Please see the following KBA: How to configure IPsec Site-to-Site VPN with multipath uplink on a Sophos UTM
Hope this helps.
In reply to Karlos:
Karlos, that's the "old" new way to do this. The "new" new way is with an Interface Group: Auto-Failover IPsec VPN Connections.
And, since V9 brought us the ability to bind an IPsec Connection to an Interface, it's now possible to have two active tunnels and instant failover using Static Routes. The best description I know of this is in German, but Sophos UTM multiple S2S IPsec VPN mit Failover – Tutorial (DE) has pictures of all settings in English.
Gerardo, if Karlos and I misunderstood your situation, please supply a simple, stick diagram of what you need.
Cheers - Bob