A VPN group is a set of VPN tunnel configurations. The Phase 1 and Phase 2 security parameters for each connection in a group can be different or identical except for the IP address of the remote gateway. The order of connections in the Group defines fail over priority of the connection.

Connection included in the Group must be activated and manually connected for the first time before praticipating in the failover. Connection will not failover to the subsequent Connection if it is manually disconnected.

When the primary connection fails, the subsequent active connection in the Group takes over without manual intervention and keep traffic moving. The entire process is transparent to users. For example if the connection established using 4^th Connection in the Group is lost then 5^th Connections will take over.

Cyberoam considers connection as failed connection if:

• Remote peer does not reply - for Net to Net and Host to Host connection
• Local Gateway fails – for Road warrior connection

Prerequisites

• Packets of the protocol specified in failover condition must be allowed from local server to remote server and its reply on both Local and Remote server
• One connection can be included in one Group only
• Connection must be ACTIVE to participate in failover

Cyberoam VPN failover can be deployed in any number of possible configurations and support remote/branch offices to seamlessly establish a VPN connection to a secondary gateway, should the connection to the primary gateway be terminated, allowing for continuous uptime.

·    Setup VPN redundant tunnel in the network configured with multiple gateways.

·    Setup VPN redundant tunnel in the network configured with single gateway at remote end