selection of SSL VPN listening interface

I have Sophos XG210 (SFOS 17.1.3 MR-3) with WAN1 and WAN2 interfaces. Both WAN1 and WAN2 belong to zone WAN. WAN1  is much faster then WAN2 and I'd like to know if there's any way to force SSL VPN users go through WAN1 only when accessing our internal resorces without dropping packets for WAN2? 

  • you'll need to edit the SSL VPN Config File (.ovpn) and remove all the line with remote X.X.X.X except the line with the remote Wan1IP

  • You can also change the IP/Hostname that you would like to connect, but the downside is not been able to connect if the defined link is down (if configured by IP). You can workaround by using a DDNS. If the WAN definied went down, you change the DDNS to connect in another WAN.

    Change VPN Settings:

    • Configure > VPN > Show VPN Settings > SSL VPN > Override Hostname

    Configure DDNS:

    • Configure > Network > Dynamic DNS



    Before the changes:


    After override IP:

    After override DDNS: