Configuring VPN Failover to a Static Route

You can configure a static route as a secondary route in case the VPN tunnel goes down. When defining the route policies, the Allow VPN path to take precedence option allows you to create a secondary route for a VPN tunnel and gives precedence to VPN traffic having the same destination address object. This results in the following behavior:

• When a VPN tunnel is active: static routes matching the destination address object of the VPN tunnel are automatically disabled if the Allow VPN path to take precedence option is enabled. All traffic is routed over the VPN tunnel to the destination address object.
• When a VPN tunnel goes down: static routes matching the destination address object of the VPN tunnel are automatically enabled. All traffic to the destination address object is routed over the static routes.

To configure a static route as a VPN failover

1. Navigate to POLICY | Rules and Policies > Routing Rules.

2. Click + Add.

   

3. Type a descriptive name for the policy into the Name field.

   Type up to three Tags to help you locate your policy rule. Use commas as separators.

4. Select the appropriate Source, Destination, Service, Gateway, and Interface.

5. Define Metric as 1.

6. Select Allow VPN path to take precedence.

7. Click Save.