SG-2100 VPN failover with 2 WANs and 1 LTE 4G/5G WAN

Hello, I would like to set up a gateway group on the Netgate SG-2100 appliance with 3 WAN interfaces (one of them should be via LTE service) and use it as a VPN failover for a site-to-site VPN connection (IPsec, OpenVPN, WireGuard, etc.). Will there be any issues if the gateway group fails over its internet connection to the LTE internet service and tries to restore the site-to-site VPN connection through it?
I am asking because the site-to-site VPN between the branch-HQ where this Netgate SG-2100 is planned to go is mission critical and I want to eliminate any copper/fiber disconnections from roadworks as a point of failure. Thank you.

This is just theoretical. As long as the exit gateway is the gateway group, it should all work. However, once it fails over to the LTE, I don’t see how it will reconnect to fiber, that is, until the LTE fails.

I have a VLAN that exits via a gateway group. It does fail over when there is high packet loss / latency, but I can’t see a solution whereby the fastest connection is selected. On the gateway there are more settings under advanced that might need some tweaking.


The LTE will probably have a higher latency and will probably drop more packets than the fiber/cable, so maybe your policy to switch based on these factors could be used to go back to fiber. Or can it be set on a timer so that every 5 minutes it checks to see if the preferred connection is back? I haven’t worked on any failover, so just chucking ideas out here.
