Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SD-WAN Connection Group and High Availability failover

Hello,

I am looking to confirm if the below is feasible.

We have a HO and BO. The BO hosts a number of production servers and so there is an SD-WAN Connection Group that connects the two firewalls and allows certain services to certain VLAN networks from HO to BO. The SD-WAN Connection Group creates the firewall rules, IPSec tunnels and SDWAN routes automatically.

This all works fine! We are now looking at introducing a second router (same hardware revision) at the BO and implementing High Availability via Quick HA.

My question is, that if and when a failover occurs to the auxiliary unit, will the functionality controlled via the SD-WAN Connection Groups still work? I know this would work in a case where the IPSec and firewall rules were manually configured and am just seeing if anyone can verify it's the same case for the SD-WAN Connection Group settings.

Thank you in advance for any assistance.



This thread was automatically locked due to age.
  • Yes - For Central a Standalone and a Cluster are the same. 
    You would have to remove the Standalone and add the cluster to the ConnectionGroup once, if not enabled automatically. 

    __________________________________________________________________________________________________________________

  • Thanks for the swift reply. I'm hoping it will automatically update the reference from the standalone to the cluster in the connection group. That will mean no downtime for the tunnels. But will plan for this just in case. Thanks again