I am currently setting up a PA 3020 for my DR site and currently have one set up for my Main site. I exported the configuration from my main PA and am using it to set up my DR PA. Is it possible to disable the VPN tunnels on the DR site so they will be there and not need to be configured if a crisis happens, but not interfere with the active working tunnels at my main site?
There is no "disable" option for VPN tunnels as we see in the security rules. The best we can do is to have 2 versions of the configuration file:
1> Exact configuration as Main site (as a backup config file loaded on the device).
2> Same configuration but with the VPN configuration removed from the file, as needed for the DR site.
So based on the need, either of these files can be loaded when needed to have the tunnels up or removed.
So what is the best way to create two different configurations? It's easy enough to remove the extra tunnels from the DR site and back up the configuration. You could take the config file from the main site, back it up and load it on the DR site, but you do have to make several changes to the config to account for the DR site being at a different location.
Is there an issue creating a second set of tunnels? Unless you will have the same public addressing at your DR site, using the same configuration won't help (as the other end of the tunnel won't be configured for the DR IP address). Additionally, having a second set of tunnels that are already up will reduce your recovery time.
The only issue that might be caused by having the additional tunnels is confusion of the traffic. The DR site does have its own public address though. I would be more comfortable leaving the additional tunnels if I could be assured that they will not interfere with the primary routes.