1 Reply Latest reply on Jul 1, 2016 3:19 AM by lnurmi

    VPN over Multilink from 325 Cluster to Cisco Router


      Does anyone know if it is possible to run a VPN from an NGF-325 cluster over 2 DIA connections in a multilink to a Cisco router, or would it have to be NGFW to NGFW?

      This would be so we could aggregate the bandwidth between the 2 DIA's (or just provide resilience, or an alternate path for selection by QoS...).




        • 1. Re: VPN over Multilink from 325 Cluster to Cisco Router

          The 6.0 product guide (page 910) says this:


          "Note: Multi-Link is only supported with Stonesoft NGFW gateways at both ends. If an external

          gateway device allows configuring multiple VPN tunnels between two devices, you might still be

          able to use some Multi-Link features. Not all Multi-Link features are available with an external

          gateway device."


          But we've seen it to work with Cisco at least in active-standby link configuration. With active-active there is the question how the other end should select the tunnel to use, and AFAIK Cisco only has a standby option available (not sure about latest versions though). Aggregate mode for the links will for sure only work with between two NGFWs.