• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 550
  • Last Modified:

Sonicwall High Availability with WAN Failover.

I need to find out if it is possible to terminate a site-to-site VPN (S2S) between the main office and another corporate office that would leverage multiple internet connections.

We currently have 2 connections: Charter cable 100x7 and Paetec/Windstream T1. The S2S terminates on the Charter interface of our Sonicwall NSA2400 (more precisely, on both of the paired NSA2400 devices that operate in stateful HA).

Basically, all traffic is forced out the site-to-site VPN , so when Charter interface goes down—the S2S does also. I want to failover (at least for certain things, if necessary) to a redundant connection: At present, the T1.

I can find all kinds of articles on high availability setups for SonicWALLs, but no information on HA + failover to a 2nd ISP, WTIH site-to-site VPN, or other services.
0
GPCDIADMIN
Asked:
GPCDIADMIN
  • 3
1 Solution
 
Tony GiangrecoCommented:
I've used the Sonicwall TZ210W with two wan connections. One was setup as a failover. That worked great.  I've never tried it using a VPN.

I suggest using their VPN client. I'm not sure if it would work with anyone else's.
0
 
GPCDIADMINAuthor Commented:
TG-TIS:

Please note:
> High Availability means 2 SonicWALLs. And we have 2 ISPs, Charter and Windstream.

> Site-to-site VPN (S2S) between the main office and another corporate office. Not VPN clients.
0
 
GPCDIADMINAuthor Commented:
The SonicWALL HA system will also fail over to a secondary WAN port.  As with the current HA, the secondary SonicWALL WAN ports being used must be connected together with a hub or switch.  I also note that SonicWALL Hardware Failover does not support dynamic IP address assignment from an ISP.

It is possible to provide VPN redundancy capability to our SonicWALL devices by allowing us to specify a backup destination IP address to bind a site-to-site VPN tunnel to. However,  once a SonicWALL fails over to the Secondary IPsec gateway, it will continue to use it for the lifetime of the SA – there currently is no method to detect that the Primary IPsec gateway has returned
to service and to return back to it.
0
 
GPCDIADMINAuthor Commented:
Found a SonicWALL pdf that covers the scenario.
0
 
Melanie GajicCommented:
@GPCDIADMIN, would you mind pointing me to that PDF please. thanks in advance
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now