Hey Mates,
we are running 80.20 in our headquarter and use 1430 Appliances in our branch offices.
Currently we are facing perfomance issues and it seems the internet connection we use for the site-to-site vpns might be undersized.
We have 2 ISPs and so far we are using only one for the site-to-site. The second line is bigger and we would like to switch our site-to-sites to the bigger connection.
However, we would like to test it with our lab and we are currently lost on how to do this.
Our firewall cluster is in an Encryption Domain with "always use this addess" configuration to public IP adress of the weak line. We looked at link selection but we are uncertain if that is the solution to our problem
Each interface is used by a different remote party:The local Security Gateway has two IP addresses used for VPN. One interface is used for VPN with a peer Security Gateway A and one interface for peer Security Gateway B.To determine how peer Security Gateways discover the IP address of the local Security Gateway, enable one-time probing with High Availability redundancy mode. Since only one IP is available for each peer Security Gateway, probing only has to take place one time.
Would this work for us? We want the test site-to-site to strictly use one IP to test the connection. From what I gather from the documentation link selection is more for high availability and less for strict traffic separation.
Any tips would be appreciated
Kind regards
D