Good day,
I've been struggling with this issue here for quite some time.
We have a Site-to-Site VPN set up to an external company with NATed ranges. Have set up the firewall to fail over to the backup ISP should the primary ISP fail.
Tested it multiple times. Even logged a Sophos support query but still can't resolve this issue.
Does anyone have a solution on how to route the backup ISP traffic should the Primary ISP fail?
If any more info is required, let me know.
Config below:
1st Tunnel (Primary & working):
- Primary ISP is on Port3
- First MRI_NATed range is not required therefore not needed to translate
- We NAT 172.17.1.7 to our 10.0.0.0/16 range for our internal network to connect to the remote server
2nd Tunnel (Fail-over, not working):
- Backup ISP on Port 2
- Encryption exactly the same as the primary tunnel
- We NAT 172.17.1.9 to our 10.0.0.0/16 range for our internal network to connect to the remote server
[edited by: emmosophos at 5:04 PM (GMT -7) on 26 Sep 2023]