Is there any way to set up 3-5 VPN connections and then have them rotate or fail over if one has a ton of latency? An example is I have a server that I have set up with a VPN connection and sometimes that connection gets overloaded. It would be nice to have the Firewalla switch to another VPN connection.
This would be very useful. Even 2-3 profiles as fallback options when a VPN profile disconnects or slows down significantly.
A good start would be to monitor health (connectivity, latency, etc.) then alert on it. Later we could choose to failover to another profile if threshold X is attained or something?
Well, anything is possible. In your case, you want to automatically rotate VPN endpoints? If you do, how many total VPN clients do you have (including those rotating)? These connections cost memory; if you have more than 5 that may be active at the same time, the Gold Pro is probably the only one that can handle it.
Is availability more important? Or more bandwidth (moving to less congested servers)?
This would be cool too. Maybe offer this functionality for lower powered boxes?
So in this example I am referring to different servers from my provider. So VPN connection one is for Washington, connection 2 is for Arizona, connection 3 is for Colorado. Connection type will most likely be WireGuard. So if you’re on connection one and it starts to get overloaded (latency is over 200ms), then connection two takes over if latency is under 200ms or whatever the value will be. I love the kill switch and that needs to stay in place. Hopefully that makes sense.
So if the VPN connection fails then the option to block network traffic should work and then fail over to another connection.
Okay, got it. In your case, you will need to have 2 VPNs in standby and 1 active.
Is this already a feature?
Not yet. A few of us always felt proper VPN should be load balanced at the server side … I passed this to them as a real world example already. I may do a survey on this next week. Adding networks is very costly, so not sure we can even do it with the Gold SE or Gold Plus without a huge redesign … Gold Pro should be fine, it is loaded with memory.
Well hopefully you can make it work on the golds as I have two of them and would really like this implemented.
Please keep me posted and hopefully more can understand this need and it gets implemented. I’ll test it for you if you want. I’ve got three gold, gold 2nd gen and soon the pro.
Looks like we will be expecting SD-WAN features in upcoming new Firewalla products!
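
The failover behaviour requested in this thread (one active profile, two on standby, a 200ms latency limit, kill switch kept in place) can be sketched as a small state machine. This is an added example, not Firewalla code or an existing Firewalla feature; the profile names, the three-slow-probes rule and the probe input format are assumptions made for illustration.

```python
from dataclasses import dataclass

LATENCY_LIMIT_MS = 200   # threshold mentioned in the thread
BAD_SAMPLES_TO_FAIL = 3  # assumption: consecutive slow probes before switching

@dataclass
class Profile:
    name: str
    bad_streak: int = 0

    def record(self, latency_ms):
        if latency_ms is None:                # no reply: tunnel is down, fail at once
            self.bad_streak = BAD_SAMPLES_TO_FAIL
        elif latency_ms > LATENCY_LIMIT_MS:   # slow probe counts towards the streak
            self.bad_streak += 1
        else:
            self.bad_streak = 0

class Failover:
    def __init__(self, names):
        self.profiles = [Profile(n) for n in names]
        self.active = self.profiles[0]
        self.blocked = False                  # True = kill switch engaged

    def step(self, samples):
        """samples maps profile name -> latency in ms, or None for no reply."""
        for p in self.profiles:
            p.record(samples.get(p.name))
        if self.blocked or self.active.bad_streak >= BAD_SAMPLES_TO_FAIL:
            healthy = [p for p in self.profiles if p.bad_streak == 0]
            if healthy:                       # first healthy profile in configured order
                self.active, self.blocked = healthy[0], False
            else:
                self.blocked = True           # fail closed, never use the bare WAN
        return (None if self.blocked else self.active.name, self.blocked)

# Constructed probe results, one dict per probe interval (hypothetical values).
TIMELINE = [
    {"washington": 40, "arizona": 55, "colorado": 70},
    {"washington": 250, "arizona": 60, "colorado": 70},
    {"washington": 310, "arizona": 58, "colorado": 75},
    {"washington": 280, "arizona": 61, "colorado": 72},
    {"washington": None, "arizona": None, "colorado": None},
    {"washington": None, "arizona": None, "colorado": 90},
]

def run(timeline, names=("washington", "arizona", "colorado")):
    fo = Failover(names)
    return [fo.step(s) for s in timeline]

if __name__ == "__main__":
    for state in run(TIMELINE):
        print(state)
```

The selection is sticky: once traffic moves to a standby profile it stays there until that profile itself fails, which avoids flapping back and forth around the threshold.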