Failover
Issue 4 May 2005 229
10. In the Hosts field, click Add, to enter the network host or hosts for which you want to
monitor connectivity. You can define up to five DNS names or IP addresses. These hosts
can be either within the VPN or outside the VPN. If the host is within the VPN, the host
information is encapsulated in the associated VPN policy. If the host is outsi de the VPN, the
host information is sent in the clear.
11. In t he Remote TEP field, click Add, to enter the tunnel endpoints (TEP) for the central site
that the remote VPN device establishes a network connection. If the network path failure
criteria is met while the remote security gateway is trying to est abli sh a network connec tion,
the remote VPN tries to alternate TEPs until a network connection is made.
For more information regard Failover TEP, see Failover TEP on page 218.
12. In the Device/VPN Mappings area, click Add to enter the device type and configured VPN
information. Click OK.
13. Click Save.
Failover reconnect
When failover is configured on the security gateway, the security gateway is enabled to detect
connectivity failures to the configured TEPs. If failover is detected, the security gateway will
attempt to connect to an alternate TEP.
In some network configurations, alternate TEPs are considered temporary, and the expected
behavior is that a system reboot would revert to the original TEP. However, the security gat eway
remains connected to the alternate TEP until the administrator switches the connection back t o
the original TEP.
Beginning in release VPNos 4.4, failover reconnect option can be set using the failover
advanced settings. The failover advanced settings include preserve current remote tunnel end
point (RTEP) and restore primary remote tunnel end point (RTEP).
If a system reboot occurs, the failover proxy inspects the failover reconnect valu e. If the val ue is
set to preserve current RTEP, the failover proxy remains at the current value allowing the
security gateway to remain connected to the RTEP in use prior to the system r eboot. If the value
is set to restore primary RTEP, the failover proxy retrieves the information for the original RTEP
and restores the RTEP to the original values.

To set up failover reconnect:

1. From the VPNmanager Configuration Console, select the Failover object. The Failover tab
appears.
2. From the Failover>Contents column select the device to configure.
3. Select the appropriate failover reconnect option.
Preserve current RTEP
In the event of tunnel failover, leave the current remote tunnel end point i n eff ect followi ng
a system reboot.