
Route Site-to-Site VPN over different ISP

Good day,

I've been struggling with this issue here for quite some time. 

We have a Site-to-Site VPN set up to an external company with NATed ranges. We have set up the firewall to fail over to the backup ISP should the primary ISP fail.

Tried and tested it multiple times. Even logged a Sophos support query but still can't resolve this issue.

Does anyone have a solution on how to route the backup ISP traffic should the Primary ISP fail? 

If any more info is required, let me know.

Config below: 

1st Tunnel (Primary & working):

  • Primary ISP is on Port3
  • The first MRI_NATed range is not required and therefore does not need to be translated
  • We NAT 172.17.1.7 to our 10.0.0.0/16 range for our internal network to connect to the remote server

2nd Tunnel (Fail-over, not working):

  • Backup ISP on Port 2
  • Encryption exactly the same as the primary tunnel
  • We NAT 172.17.1.9 to our 10.0.0.0/16 range for our internal network to connect to the remote server


