Sub-Tunnel Failover



Our customer has a scenario with 2 sub-tunnels in on SF connection, one separate WAN link in each sub-tunnel. In case of failure of one of sub-tunnels, what would be the delay for the traffic which were configured to traverse through the failed sub-tunnel to switch to the healthy sub-tunnel? My answer to the customer would be it actually depends on the health-check configuration of WAN links but I wanted to be sure before a certain answer.




Hello yucelistik,

Using Outbound Policies you could use the other sub-tunnel as a backup by using the Priority Algorithm, so long as both of the WAN interfaces are still up.

Another option would be to list WAN2 as Priority 2 in the Sub-Tunnel. This way if WAN1 goes down the tunnel will start using WAN2.


Hello Zach,

Let’s take the first option as our choice. What would be the expected delay to failover to second sub tunnel as long as WAN2 is up?

Thanks for prompt answers.



As soon as the first SpeedFusion tunnel is detected as down packets should start being routed out the second SpeedFusion profile.