Had a quick search through docs and discussions around getting SSL vpn working on multiple wan ports. It seems the recommendation is to set Multiple DNS A records which will provide a bad failover solution due to the round robin nature of multiple A records.
I run some openvpn systems at my home and have it set up to connect to 3 different FQDNs. this means if one connection is down and the others are up you will still be able to establish a VPN connection. If this was done via a single FQDN + multiple A Records and the connection for the first A record was offline the client would not connect.
A records are also fine if all your WAN connections have public static addresses. However not everyone has that luxury and would mean needing to use a DDNS services + multiple CNAME records all pointing to the same FQDN... but that's not possible with CNAME records
Id like to have the option to set multiple FQDNs for the "Override hostname" property in the SSL VPN settings. Its already possible with Open VPN and I probably could just modify the config file but it would be nice to have it implemented globally so that when users download the config & setup files from the user portal it all just works.
Hi wesley Duggan,
Thank you for taking the time to reach out; I have forwarded this over to our team for their feedback.
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.