-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Route All traffic for GVC users with WAN Failover.
11/13/2023 
3 People found this article helpful
159,078 Views
Description
This configuration allows you to configure "Route-all" when WAN failover is configured.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
How to configure Wan GroupVPN in Route All mode: WAN GroupVPN Route All Traffic Policy
After configuring WAN GroupVPN in route All Traffic mode, NAT policies need to be configured on all WAN IPs.
If two WANs (X1 and X2) are configured in Basic failover mode, we must create NAT policy on both interfaces. The general NAT we create for " route All Traffic mode" is as:
- Original Source: Any
- Translated Source: X1 IP
- Original Destination: Any
- Translated Destination: Original
- Original Service: Any
- Translated Service: Original
- Inbound Interface: X1
- Outbound Interface: X1
As two WANs are configured in Basic failover method, two scenarios arise:
Scenario 1:
If X1 is the primary WAN, and the GVC user is using X1 WAN IP to connect, then the above NAT will work. But if the User is using X2 WAN IP to connect to GVC then Inbound Interface will be X2.
- Original Source: Any
- Translated Source: X1 IP
- Original Destination: Any
- Translated Destination: Original
- Original Service: Any
- Translated Service: Original
- Inbound Interface: X2
- Outbound Interface: X1
Scenario 2:
X2 is primary WAN and and the user is using X2 WAN IP to connect, then the above NAT will be as:
- Original Source: Any
- Translated Source: X2 IP
- Original Destination: Any
- Translated Destination: Original
- Original Service: Any
- Translated Service: Original
- Inbound Interface: X2
- Outbound Interface: X1
If user is using X1 WAN IP to connect to GVC as X2 is primary WAN, then NAT will be as:
- Original Source: Any
- Translated Source: X2 IP
- Original Destination: Any
- Translated Destination: Original
- Original Service: Any
- Translated Service: Original
- Inbound Interface: X1
- Outbound Interface: X2
In order to connect to GVC when failover is configured for two WAN interfaces, we need to configure 4 NAT policies. If WAN Failover is configured in three WAN interfaces, then six NAT policies need to be configured.
Related Articles
- How to re-deploy a NSv in the existing resource group in azure platform
- How to access a more specific network over VPN tunnel while having another Route All VPN policy
- How to limit bandwidth usage when playing YouTube videos using App Rules
YES
NO