Solved

Sonicwall High Availability with WAN Failover.

Posted on 2014-03-24
Last Modified: 2016-08-26
I need to find out if it is possible to terminate a site-to-site VPN (S2S) between the main office and another corporate office that would leverage multiple internet connections.

We currently have 2 connections: Charter cable 100x7 and Paetec/Windstream T1. The S2S terminates on the Charter interface of our Sonicwall NSA2400 (more precisely, on both of the paired NSA2400 devices that operate in stateful HA).

Basically, all traffic is forced out the site-to-site VPN, so when the Charter interface goes down, the S2S does also. I want to fail over (at least for certain things, if necessary) to a redundant connection: at present, the T1.

I can find all kinds of articles on high availability setups for SonicWALLs, but no information on HA + failover to a 2nd ISP, WITH site-to-site VPN, or other services.
0
Question by:GPCDIADMIN
5 Comments
 

Expert Comment

by:Tony Giangreco
ID: 39950944
I've used the Sonicwall TZ210W with two WAN connections. One was set up as a failover. That worked great. I've never tried it using a VPN.

I suggest using their VPN client. I'm not sure if it would work with anyone else's.
0
 

Author Comment

by:GPCDIADMIN
ID: 39951052
TG-TIS:

Please note:
> High Availability means 2 SonicWALLs. And we have 2 ISPs, Charter and Windstream.

> Site-to-site VPN (S2S) between the main office and another corporate office. Not VPN clients.
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39954054
The SonicWALL HA system will also fail over to a secondary WAN port.  As with the current HA, the secondary SonicWALL WAN ports being used must be connected together with a hub or switch.  I also note that SonicWALL Hardware Failover does not support dynamic IP address assignment from an ISP.

It is possible to provide VPN redundancy capability to our SonicWALL devices by allowing us to specify a backup destination IP address to bind a site-to-site VPN tunnel to. However, once a SonicWALL fails over to the Secondary IPsec gateway, it will continue to use it for the lifetime of the SA – there currently is no method to detect that the Primary IPsec gateway has returned to service and to return back to it.
0
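
A small model of the behaviour described in the accepted solution, added here as an illustration (not SonicWALL code and not from the original poster). It assumes the tunnel re-binds to the primary gateway only when the SA negotiated with the secondary expires and the primary is reachable at that moment, that the secondary is always up, and that outages do not overlap; the SA lifetime and outage times are constructed values.

```python
# Model of "sticky" secondary-gateway failover for a site-to-site tunnel.
# Assumptions (not from SonicWALL documentation): re-bind to primary happens
# only at SA expiry, the secondary never fails, outages do not overlap.

def primary_up(t, outages):
    """True if the primary gateway answers at second t."""
    return not any(start <= t < end for start, end in outages)

def simulate(outages, sa_lifetime, horizon):
    """Return [(start, end, gateway)] segments for the tunnel up to horizon."""
    outages = sorted(outages)
    segments, t, gw = [], 0, "primary"
    while t < horizon:
        if gw == "primary":
            # Stay on primary until its next outage begins.
            end = min((s for s, _ in outages if s >= t), default=horizon)
            nxt = "secondary"
        else:
            # A fresh SA is negotiated with the secondary at failover time.
            end = t + sa_lifetime
            # At expiry, stay on secondary if the primary is still down.
            while end < horizon and not primary_up(end, outages):
                end += sa_lifetime
            nxt = "primary"
        end = min(end, horizon)
        if end > t:
            segments.append((t, end, gw))
        t, gw = end, nxt
    return segments

def stranded_seconds(segments, outages):
    """Seconds spent on the secondary while the primary was reachable."""
    total = 0
    for start, end, gw in segments:
        if gw == "secondary":
            down = sum(max(0, min(end, e) - max(start, s)) for s, e in outages)
            total += (end - start) - down
    return total

if __name__ == "__main__":
    # Constructed scenario: a 60-second primary outage, 8-hour SA lifetime,
    # observed over one day.
    outages = [(1000, 1060)]
    segs = simulate(outages, sa_lifetime=28800, horizon=86400)
    for seg in segs:
        print(seg)
    print("stranded on secondary:", stranded_seconds(segs, outages), "s")
```

In this model a one-minute outage on the primary link leaves the tunnel on the backup link for almost the whole SA lifetime, which is why a shorter SA lifetime or a manual renegotiation after the primary recovers matters when the backup is a much slower circuit.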
 

Author Closing Comment

by:GPCDIADMIN
ID: 39964691
Found a SonicWALL PDF that covers the scenario.
0
 

Expert Comment

by:Melanie Gajic
ID: 41771926
@GPCDIADMIN, would you mind pointing me to that PDF, please? Thanks in advance.
0
