Solved

Sonicwall High Availability with WAN Failover.

Posted on 2014-03-24
5
471 Views
Last Modified: 2016-08-26
I need to find out if it is possible to terminate a site-to-site VPN (S2S) between the main office and another corporate office that would leverage multiple internet connections.

We currently have 2 connections: Charter cable 100x7 and Paetec/Windstream T1. The S2S terminates on the Charter interface of our Sonicwall NSA2400 (more precisely, on both of the paired NSA2400 devices that operate in stateful HA).

Basically, all traffic is forced out the site-to-site VPN , so when Charter interface goes down—the S2S does also. I want to failover (at least for certain things, if necessary) to a redundant connection: At present, the T1.

I can find all kinds of articles on high availability setups for SonicWALLs, but no information on HA + failover to a 2nd ISP, WTIH site-to-site VPN, or other services.
0
Comment
Question by:GPCDIADMIN
  • 3
5 Comments
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 39950944
I've used the Sonicwall TZ210W with two wan connections. One was setup as a failover. That worked great.  I've never tried it using a VPN.

I suggest using their VPN client. I'm not sure if it would work with anyone else's.
0
 

Author Comment

by:GPCDIADMIN
ID: 39951052
TG-TIS:

Please note:
> High Availability means 2 SonicWALLs. And we have 2 ISPs, Charter and Windstream.

> Site-to-site VPN (S2S) between the main office and another corporate office. Not VPN clients.
0
 

Accepted Solution

by:
GPCDIADMIN earned 0 total points
ID: 39954054
The SonicWALL HA system will also fail over to a secondary WAN port.  As with the current HA, the secondary SonicWALL WAN ports being used must be connected together with a hub or switch.  I also note that SonicWALL Hardware Failover does not support dynamic IP address assignment from an ISP.

It is possible to provide VPN redundancy capability to our SonicWALL devices by allowing us to specify a backup destination IP address to bind a site-to-site VPN tunnel to. However,  once a SonicWALL fails over to the Secondary IPsec gateway, it will continue to use it for the lifetime of the SA – there currently is no method to detect that the Primary IPsec gateway has returned
to service and to return back to it.
0
 

Author Closing Comment

by:GPCDIADMIN
ID: 39964691
Found a SonicWALL pdf that covers the scenario.
0
 

Expert Comment

by:Melanie Gajic
ID: 41771926
@GPCDIADMIN, would you mind pointing me to that PDF please. thanks in advance
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now