Solved

Sonicwall High Availability with WAN Failover.

Posted on 2014-03-24
5
482 Views
Last Modified: 2016-08-26
I need to find out if it is possible to terminate a site-to-site VPN (S2S) between the main office and another corporate office that would leverage multiple internet connections.

We currently have 2 connections: Charter cable 100x7 and Paetec/Windstream T1. The S2S terminates on the Charter interface of our Sonicwall NSA2400 (more precisely, on both of the paired NSA2400 devices that operate in stateful HA).

Basically, all traffic is forced out the site-to-site VPN , so when Charter interface goes down—the S2S does also. I want to failover (at least for certain things, if necessary) to a redundant connection: At present, the T1.

I can find all kinds of articles on high availability setups for SonicWALLs, but no information on HA + failover to a 2nd ISP, WTIH site-to-site VPN, or other services.
0
Comment
Question by:GPCDIADMIN
  • 3
5 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39950944
I've used the Sonicwall TZ210W with two wan connections. One was setup as a failover. That worked great.  I've never tried it using a VPN.

I suggest using their VPN client. I'm not sure if it would work with anyone else's.
0
 

Author Comment

by:GPCDIADMIN
ID: 39951052
TG-TIS:

Please note:
> High Availability means 2 SonicWALLs. And we have 2 ISPs, Charter and Windstream.

> Site-to-site VPN (S2S) between the main office and another corporate office. Not VPN clients.
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39954054
The SonicWALL HA system will also fail over to a secondary WAN port.  As with the current HA, the secondary SonicWALL WAN ports being used must be connected together with a hub or switch.  I also note that SonicWALL Hardware Failover does not support dynamic IP address assignment from an ISP.

It is possible to provide VPN redundancy capability to our SonicWALL devices by allowing us to specify a backup destination IP address to bind a site-to-site VPN tunnel to. However,  once a SonicWALL fails over to the Secondary IPsec gateway, it will continue to use it for the lifetime of the SA – there currently is no method to detect that the Primary IPsec gateway has returned
to service and to return back to it.
0
 

Author Closing Comment

by:GPCDIADMIN
ID: 39964691
Found a SonicWALL pdf that covers the scenario.
0
 

Expert Comment

by:Melanie Gajic
ID: 41771926
@GPCDIADMIN, would you mind pointing me to that PDF please. thanks in advance
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Upgrade firmware on Engenius BH-ENS202Wi-Fi router 5 39
Patch panel 7 38
PCI compliance 16 33
what is the best antivirus or internet security for windows 10 8 58
Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
As technology users and professionals, we’re always learning. Our universal interest in advancing our knowledge of the trade is unmatched by most industries. It’s a curiosity that makes sense, given the climate of change. Within that, there lies a…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question