Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alias
Explorer

Site-to-Site ISB Migration Question

Jump to solution

Hey Mates,

 

we are running 80.20 in our headquarter and use 1430 Appliances in our branch offices.

Currently we are facing perfomance issues and it seems the internet connection we use for the site-to-site vpns might be undersized.

We have 2 ISPs and so far we are using only one for the site-to-site. The second line is bigger and we would like to switch our site-to-sites to the bigger connection.

However, we would like to test it with our lab and we are currently lost on how to do this.

Our firewall cluster is in an Encryption Domain with "always use this addess" configuration to public IP adress of the weak line. We looked at link selection but we are uncertain if that is the solution to our problem

Each interface is used by a different remote party:The local Security Gateway has two IP addresses used for VPN. One interface is used for VPN with a peer Security Gateway A and one interface for peer Security Gateway B.To determine how peer Security Gateways discover the IP address of the local Security Gateway, enable one-time probing with High Availability redundancy mode. Since only one IP is available for each peer Security Gateway, probing only has to take place one time.

Would this work for us? We want the test site-to-site to strictly use one IP to test the connection. From what I gather from the documentation link selection is more for high availability and less for strict traffic separation.

Any tips would be appreciated

Kind regards

D

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

Changing the Link Selection settings is the correct approach here.
If you want the VPN to use the other ISP, you would specify that IP in the Link Selection settings either directly by IP or indirectly by using one of the other options (routing, etc).

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

Changing the Link Selection settings is the correct approach here.
If you want the VPN to use the other ISP, you would specify that IP in the Link Selection settings either directly by IP or indirectly by using one of the other options (routing, etc).

View solution in original post

0 Kudos
Alias
Explorer

Thank you, I will try

0 Kudos