VPN Link Selection is a feature that allows the Security Gateway to select the best link for each VPN tunnel based on the network topology and the Link Selection configuration [1]. When the primary VPN link goes down, the Firewall can update the Link Selection entries to start using a different link for the same tunnel, as long as the remote peer supports this feature and has multiple IP addresses configured [2]. This way, the VPN tunnel can be maintained without interruption or renegotiation. The other options are not correct because:
A. The Firewall will not drop the packets, but will try to send them over another link if possible.
C. The Firewall will not send out the packet on all interfaces, but will use the routing table to determine the best interface for each destination.
D. The Firewall will not inform the client that the tunnel is down, but will try to keep the tunnel up by switching to another link.
References: IPSec VPN - Link Selection, Outgoing VPN Link Selection on a gateway with multiple external interfaces