IPsec VPN Failover Groups between two firewalls

Hello, everybody! Got a quick question for the experts out there.

I'm trying to set up an IPsec VPN Failover Group between two XGS firewalls, HQ and Branch, each with two WAN connections. I created 4 tunnels (two for each WAN connection) and added them to a failover group on both firewalls.

However, when the groups on both firewalls are enabled, they can't connect most of the time. The connection is only established when both firewalls try the same tunnel at the same time.

So my question is, are there any recommended ways to accomplish this? I've found a thread (IPsec vpn failover between 2 XG with both 2 WAN connections) where it's suggested to use only one failover group, on the branch firewall, but it's been 3 years since it was created and maybe something's changed.


Added TAGs
[edited by: Erick Jan at 4:23 AM (GMT -8) on 7 Dec 2023]