Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
1
Replies

FTD site to site VPN extranet peer FQDN instead of IP

robinhall1
Level 1
Level 1

‎08-01-2022 06:42 AM

I have a peer that I send backups to. They have two sites that they use for the backups. One is a primary and one is a secondary disaster site. The tunnel is always initiated from my side. They have a FQDN that is supposed to be used for the peer address so when they do disaster testing it automatically fails over to the secondary site. With FTD version 7.0.0 you can set up a backup IP address but this does not seem to work as expected and this failed and required manual intervention. I am trying to use the FQDN for this but it requires an IP for the extranet peer. Is there a way to configure this so that I can use the FQDN instead of the IP address? Maybe something like setting up a local loopback that can be used for the extranet peer then point to an FQDN? Using an FQDN for a remote peer is a common solution and I am baffled why this wouldn't be something that is available for this configuration. 

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎08-01-2022 07:01 AM

@robinhall1 unfortunately loopback interfaces aren't supported on FTD (yet) and nor can you configure an FQDN for a peer.

Perhaps, use IP SLA to detect the primary site is down and then failover to the secondary site or use a route based VPN.

0 Helpful
Customers Also Viewed These Support Documents