Solved

Sonicwall High Availability with WAN Failover.

Posted on 2014-03-24
5
502 Views
Last Modified: 2016-08-26
I need to find out if it is possible to terminate a site-to-site VPN (S2S) between the main office and another corporate office that would leverage multiple internet connections.

We currently have 2 connections: Charter cable 100x7 and Paetec/Windstream T1. The S2S terminates on the Charter interface of our Sonicwall NSA2400 (more precisely, on both of the paired NSA2400 devices that operate in stateful HA).

Basically, all traffic is forced out the site-to-site VPN , so when Charter interface goes down—the S2S does also. I want to failover (at least for certain things, if necessary) to a redundant connection: At present, the T1.

I can find all kinds of articles on high availability setups for SonicWALLs, but no information on HA + failover to a 2nd ISP, WTIH site-to-site VPN, or other services.
0
Comment
Question by:GPCDIADMIN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39950944
I've used the Sonicwall TZ210W with two wan connections. One was setup as a failover. That worked great.  I've never tried it using a VPN.

I suggest using their VPN client. I'm not sure if it would work with anyone else's.
0
 

Author Comment

by:GPCDIADMIN
ID: 39951052
TG-TIS:

Please note:
> High Availability means 2 SonicWALLs. And we have 2 ISPs, Charter and Windstream.

> Site-to-site VPN (S2S) between the main office and another corporate office. Not VPN clients.
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39954054
The SonicWALL HA system will also fail over to a secondary WAN port.  As with the current HA, the secondary SonicWALL WAN ports being used must be connected together with a hub or switch.  I also note that SonicWALL Hardware Failover does not support dynamic IP address assignment from an ISP.

It is possible to provide VPN redundancy capability to our SonicWALL devices by allowing us to specify a backup destination IP address to bind a site-to-site VPN tunnel to. However,  once a SonicWALL fails over to the Secondary IPsec gateway, it will continue to use it for the lifetime of the SA – there currently is no method to detect that the Primary IPsec gateway has returned
to service and to return back to it.
0
 

Author Closing Comment

by:GPCDIADMIN
ID: 39964691
Found a SonicWALL pdf that covers the scenario.
0
 

Expert Comment

by:Melanie Gajic
ID: 41771926
@GPCDIADMIN, would you mind pointing me to that PDF please. thanks in advance
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question