Configuring IPsec Failover in NG Firewall


Site-to-site IPsec tunnels can be configured for failover in environments that have more than one WAN. If a WAN carrying an active IPsec tunnel goes down, NGFW automatically switches to another available WAN and attempts to reconnect the tunnel.


WAN Failover

In addition to IPsec, this configuration requires the WAN Failover app. For details on setting up WAN Failover tests, please refer to this article: How do I configure a WAN Failover test?


IPsec Tunnel Configuration

In Apps > IPsec VPN > IPsec Tunnels, create or edit the tunnel you would like to use failover with. Locate the Interface drop-down and choose "Active WAN":

Active WAN selection

You will notice the Local Address attribute changes to the first available WAN interface configured in your NGFW. (Typically, this will be the lowest-numbered WAN, eth0.)

Click Done, then Save to apply the change. You may experience a brief interruption in tunnel connectivity.
