Dual redundant VPN tunnels from branch office to HQ office

I spent some time on research here and I wasn't able to find something like a How-To or KB article covering this scenario, where we may have a Sophos LTE modem at the branch office or a Teltonika modem attached to a port.

We do local breakout for internet services and only HQ traffic is routed over VPN links.

Questions :-): 

- Is this scenario supported and doable with Sophos XGS, since we were unable to confirm it with the documentation?

The second link, as backup, will be realized over a Sophos LTE modem where one is installed, or with a Teltonika modem attached to one of the ports of the XGS.
If yes, is there any best practice available for this scenario?

If yes:
- Can we direct traffic over specific tunnels depending on need, like “push all traffic over Tunnel 1 and 2 in order to save on LTE cost”:

  • tunnels 1 and 2 are in production (they can do load balancing or tunnel 1 can be up and tunnel 2 standby)
  • tunnels 3 and 4 are in production ONLY when ISP 3 is down and tunnels 1 and 2 are down.

There is no HOW-TO article for this scenario? I can’t find anything on Sophos doc pages.
- Is session failover supported?

XGS would be on the latest SFOS. No plans to use Sophos Central for any kind of orchestration; it is just too risky since many things are not working the way common sense commands.



- added more info on scenario
[edited by: damiri at 8:00 AM (GMT -7) on 29 Sep 2023]