08-31-2017 06:20 AM
there are two offices.branch and head.in head office there is palo alto networks NGFW and in branch office it is Kerio Control.in each office there are 2 connections two different ISPs.
Is it possible to make VPN tunnel failover between these offices by kerio control in one side and palo alto networks in orher?
08-31-2017 07:21 AM
Were you looking for the details on how you would accomplish this or did you simply want to verify the PA could do this function?
08-31-2017 07:23 AM
i want to know whether PA can do this function in conjuction with Kerio control?
08-31-2017 01:07 PM
I can't speak on the Kerio Control side as I don't know anything about them, but the PA can handle this perfectly fine and won't give you any issues once properly configured.
09-02-2017 08:17 AM
can you give me some detailed technical info or source from PA side?
09-03-2017 04:55 AM
On PA the general feature for VPN failover is Tunnel Monitoring. This is described here.
A fuller example of implementing VPN failover between two ISP is in this configuration example.
09-05-2017 01:09 AM
it didnt work.we tried this issue.
we have to create two vpn tunnels between kerio and PA. One tunnel we can do but other one doesnt go up.there is no info in logs.tunnel just doesnt go up
09-05-2017 02:37 AM
You will need the logs from the responder for the reasons.
They are using different gateways right?
09-06-2017 12:54 AM
yes both offices use different gateways.i mean they both have two separate connection to two different ISPs.you mean logs from Kerio side?
09-06-2017 02:00 PM
If you don't have logs for the vpn I am assuming the PA is the initiator. The best failure logs are on the responder side of the VPN negociation.
If you don't have access to that side logs, you can enable the cli option for more logs.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
