09-12-2022 06:13 AM
Does anyone know if GW preemption can be achieved with GlobalProtect Agent?
Meaning, that we use primary and secondary GW, whereas secondary GW should be used only in case primary is not reachable.
So far, the failover to secondary GW works perfectly if the primary becomes unreachable, however, as soon the primary becomes available again it doesn't fall back. Primary GW has the highest priority and secondary GW the lowest.
Is such a scenario possible?
09-12-2022 10:26 AM
I do not believe there are any preemption options for the gateway. Failover from the primary to secondary works because the client will automatically try to reconnect when is loses connection to the gateway, so it will test the primary, find it is unreachable, and then fail to the secondary. But when the primary comes back up it is already connected (to the secondary) gateway), so there is no reason to retest. Clients should automatically return to the primary gateway when the maximum VPN lifetime expires, though this may take considerable time (I believe the default is 30 days).
Some options might be: decrease the VPN lifetime; tell clients to manually switch back to the primary; or block the secondary gateway to force clients back to the primary.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!