Backup/Failover IP for VPN tunnel destination

Where I work, we have inherited a number of Firebox T35s at remote sites. They have a single WAN connection.

We have recently formed VPN tunnels back to our head office on the T35s. At our head office, we have two WAN lines. The VPN tunnel on the T35s is terminating on one of these WAN lines at our head office.

Our head office also does not use WatchGuard devices, and the said VPN tunnel is terminating on a 3rd party firewall at our head office.

On the T35s, how do I create a redundant/backup VPN tunnel to the other WAN line at our head office? Of course, keeping routing for subnet ranges at the head office end of the tunnel working.

    "VPN failover is not supported for VPN connections to a third-party device."

    Configure VPN Failover

    james.carson Moderator, WatchGuard Representative

    If your 3rd party device has a way of listing multiple gateways, it'll probably work. Since we don't have any way of controlling how that device decides to use what gateway when, your results may vary.

    If it does an OK job, your failover will probably still be ok (it just might not be as quick as you'd like.) If you choose to endeavor on this, I'd suggest testing during a weekend or maintenance period so you know what to expect.

    -James Carson
    WatchGuard Customer Support

