I'm experiencing a weird thing on the XG firewalls that I manage for my customers.
All of the XG's are configured with SSL VPN for remote users (not site-to-site, just remote access).
Many of my customers have multiple WAN connections: fiber 1Gb/s, fiber 100Mb/s, ADSL 10Mb/s, 4G, etc.
When an XG has 2 WANs configured, for example WAN2 = Fiber 1Gb/s and WAN4 = ADSL 10Mb/s, I want the users' SSL VPN to connect on the Fiber 1Gb/s FIRST, and on the ADSL only if the Fiber is not responding. But I saw in many config files that the ADSL is configured first and the fiber second, which is really bad because the upload of the ADSL is only 500Kb/s...
How does the XG choose the order of the gateways in the configuration files?
I want to choose the priority myself in the GUI or by SSH, but I don't want to fix it manually in the hundreds of config files on the users' computers...
* UPDATE *
I did some tests and I realized that the priority order changes by itself when a gateway disconnects and reconnects.
If WAN1 disconnects and reconnects (even if the disconnection lasts only 5 seconds), then if a new user goes on the user portal to download the configuration file for SSL VPN, in the configuration file, WAN2 will be the primary gateway. And if during the next days WAN2 disconnects (microcut) and reconnects (even if the disconnection lasts only 5 seconds), then the next download of the configuration file for a new user will change again and place WAN1 as primary gateway... It's not the best way to configure SSL VPN in my opinion, because we can all face some disconnections of our gateways and we always want the SSL VPN primary gateway to be the same, and the second only as a failover.
Is there any option to fix that?
XG Certified Architect
Sophos Gold Partner - Reseller from Lyon, France
Ok, I just understood the way the XG chooses the primary gateway when connecting to SSL VPN... My bad for this useless post, but I hope it will help some ppl in trouble with the same thing. If Port2 is the primary gateway in SSL VPN and Port4 the secondary gateway, and if we "update" the Port2 interface, it will automatically move Port2 to secondary gateway. We just have to update Port4 too (even if we made no change) and Port4 will be the secondary gateway, then Port2 will be the primary gateway... So the last updated interface is automatically placed as the last priority gateway for SSL VPN!