multiple WAN interface option in Ipsec client vpn settings
Need the Option to add multiple WAN interfaces in Sophos Connect client settings.
if there is 2 WAN connection and 1 connection is down then the remote client don't have any option to connect to VPN through 2nd available ISP. if this option is available then the user will have 2 profiles in their Sophos connect client.
We really need automatic VPN failover for our users. Their local VPN configuration should include the ability to auto switch between the two ISPs when the primary fails.
Angelo Orlando commented
Yes better have it as implementation|option instead than do it manually adding the second vpn server ip address in the config file ovpn
Brian Ritchie commented
Matthew Norman commented
This would be great! We create failover groups for other important IPsec connections why can't we do the same for our own employees with sophos connect?
This needs to be implemented in the next release. Really should have already been an option. Now we have to push out the config to all the users if there is any configuration changes.
This should be a priority now with most companies being sent home to work.
Totally agree with Emre on this, There should be option for 2nd WAN port in configuratoin. and it should be added in the tgb file (profile) and switch automatically without any user / administrator intervention.
For me it does not matter how many connection profiles we have in clients. I need an option on Firewall side that allows us to choose second ISP (gateway) as a failover. It may switch automatically to second when first gateway was down.
Of course would be better to set this in a single configuration file on client...
Scott Wood commented
+1 on multiple WAN option.
I got tired of sending out new VPN profiles whenever primary WAN went down, so I sorta half-fixed that by setting a Dynamic DNS entry for the primary WAN port and using the Sophos Connect Admin utility, changed the target host in the .tgb file to the Dynamic DNS name (we configured the Sophos '.myfirewall.co' DDNS service). On WAN failover, I still have to log into the firewall and manually change WAN port in Sophos Connect config, then in Dynamic DNS and wait for it to update/expire/propagate, but you don't need 2 profiles or any other changes on the clients.