VPN FAILOVER

L4 Transporter

VPN FAILOVER

there are two offices.branch and head.in head office there is palo alto networks NGFW and in branch office it is Kerio Control.in each office there are 2 connections two different ISPs.

Is it possible to make VPN tunnel failover between these offices by kerio control in one side and palo alto networks in orher?image002 (1).png

L2 Linker

Re: VPN FAILOVER

Yes.

L7 Applicator

Re: VPN FAILOVER

@Radmin_85,

Were you looking for the details on how you would accomplish this or did you simply want to verify the PA could do this function? 

L4 Transporter

Re: VPN FAILOVER

i want to know whether PA can do this function in conjuction with Kerio control?

L7 Applicator

Re: VPN FAILOVER

@Radmin_85,

I can't speak on the Kerio Control side as I don't know anything about them, but the PA can handle this perfectly fine and won't give you any issues once properly configured. 

L4 Transporter

Re: VPN FAILOVER

can you give me some detailed technical info or source from PA side?

L7 Applicator

Re: VPN FAILOVER

On PA the general feature for VPN failover is Tunnel Monitoring.  This is described here.

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/Dead-Peer-Detection-and-Tunnel-Monitorin...

 

A fuller example of implementing VPN failover between two ISP is in this configuration example.

 

https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Configure-a-Palo-Alto-Networks-Fi...

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L4 Transporter

Re: VPN FAILOVER

it didnt work.we tried this issue.

we have to create two vpn tunnels between kerio and PA. One tunnel we can do but other one doesnt go up.there is no info in logs.tunnel just doesnt go up

L7 Applicator

Re: VPN FAILOVER

You will need the logs from the responder for the reasons.

 

They are using different gateways right?

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L4 Transporter

Re: VPN FAILOVER

yes both offices use different gateways.i mean they both have two separate connection to two  different ISPs.you mean logs from Kerio side?

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!