[2025 October Tips & Tricks] Always-On VPN with High Availability


💡 What is the Secondary VPN Peer Gateway feature?
The Secondary VPN Peer Gateway enhances Zyxel VPN’s always-on connectivity by adding a backup gateway to your VPN configuration. If the primary VPN peer gateway becomes unavailable, traffic will automatically fail over to the secondary gateway. Once the primary gateway is restored, traffic can seamlessly fall back, minimizing downtime and ensuring uninterrupted access.
This feature strengthens business resilience with intelligent VPN High Availability (HA), keeping users connected even during unexpected outages.
✨ Key Benefits
- Business continuity: Keep operations running without interruption.
- Reduced downtime: Automatic failover and fallback ensure seamless user experience.
- Flexible deployment: Works with policy-based VPNs to support legacy environments.
- Cost efficiency: Prevents overuse of costly or limited backup connections.
👥 Who should use the Secondary VPN Peer Gateway?
This feature is especially useful for customers who:
- Use policy-based VPNs for compatibility with legacy peers.
- Want to reduce the impact of VPN outages and maintain service continuity.
- Rely on critical applications that cannot afford downtime.
- Operate in environments where ISP instability (e.g., mobile broadband backup links) is a concern.
⚙️ How do I configure the Secondary VPN Peer Gateway?
- Verify VPN type
  - Ensure the VPN connection is established using a policy-based VPN configuration.
- Access the Nebula portal
  - Log in to the Nebula Control Center.
  - Navigate to Site-to-Site VPN.
- Configure peer gateway addresses
  - Open the Manual-link VPN tab.
  - In the Peer gateway address section, select Domain Name / IP.
  - Enter the FQDN or IP address of both the primary VPN peer gateway and the secondary VPN peer gateway.
- Enable automatic fallback (optional)
  - To have traffic automatically return to the primary gateway when it is restored, enable Auto fallback check interval.
  - Set the interval (30–300 seconds) to determine how often the firewall checks if the primary gateway is back online.
  - Once available, traffic will fall back to the primary gateway and the secondary connection will be terminated.
📌Tip: Auto fallback is particularly useful when the secondary link involves limited resources, such as a mobile broadband connection, where unnecessary usage should be minimized.
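
The fallback timing from the steps above, as an added Python model (not Zyxel or Nebula code) that shows how the chosen check interval changes the time spent on the secondary link. The function name, the event strings and the sample outage are constructed for illustration; the model assumes instant failover and a check timer that starts at failover, neither of which is stated on this page.

```python
MIN_INTERVAL, MAX_INTERVAL = 30, 300  # seconds, the range stated on this page


def simulate(outages, horizon, fallback_interval=None):
    """Toy model: return (events, seconds_on_secondary) for one tunnel.

    outages: constructed (start, end) second ranges where the primary is down.
    fallback_interval: None means auto fallback is off, else 30..300 seconds.
    Assumptions, not from the page: failover is instant, the check timer
    starts at failover, and with auto fallback off the tunnel stays on the
    secondary for the rest of the run.
    """
    if fallback_interval is not None and not (
            MIN_INTERVAL <= fallback_interval <= MAX_INTERVAL):
        raise ValueError("auto fallback check interval must be 30-300 seconds")

    def primary_up(t):
        return not any(start <= t < end for start, end in outages)

    active, events, on_secondary, next_check = "primary", [], 0, None
    for t in range(horizon):
        if active == "primary" and not primary_up(t):
            active = "secondary"
            events.append((t, "failover to secondary"))
            if fallback_interval is not None:
                next_check = t + fallback_interval
        elif active == "secondary" and t == next_check:
            if primary_up(t):
                # Primary answers the check: move back, drop the secondary.
                active, next_check = "primary", None
                events.append((t, "fallback to primary, secondary terminated"))
            else:
                next_check = t + fallback_interval  # still down, re-arm timer
        if active == "secondary":
            on_secondary += 1
    return events, on_secondary


if __name__ == "__main__":
    outage = [(100, 250)]  # constructed: primary peer down for 150 s
    for interval in (None, 30, 60, 300):
        events, used = simulate(outage, horizon=1000, fallback_interval=interval)
        print(f"interval={interval}: {used} s on secondary, events={events}")
```

In this model the secondary link stays in use for up to one full check interval after the primary recovers, which is the cost to weigh when the backup is a metered mobile broadband connection.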
🛡️Device & Firmware Support Overview
Device Series | Firmware Requirement for Secondary VPN Peer Gateway |
---|---|
USG FLEX H | uOS 1.36 or later. Must upgrade to uOS 1.36 to enable this feature. |
USG FLEX | All ZLD versions (on-prem only) |
ATP | All ZLD versions (on-prem only) |
💬 Share Your Experience
Have you implemented Secondary VPN Peer Gateway? How has it improved your network uptime during outages?
We'd love to hear your setup experience and use cases. Join the conversation!