Redundancy and failover
Forcepoint IPsec Advanced Guide | Forcepoint Web Security Cloud
For each device you configure in the cloud portal, two Forcepoint points of presence (data centers or local PoPs) can be selected. Forcepoint strongly recommends configuring your device to achieve geographic redundancy using both PoP addresses.
Important
Connection redundancy is a requirement for the Forcepoint Web Security Cloud SLA.
You can achieve geographic redundancy by either:
- Configuring primary and secondary tunnels, and using the connectivity monitoring address to monitor the status of the primary tunnel, with automatic failover to the secondary tunnel, or
- Configuring the two point of presence addresses as multiple IPsec peers for the same tunnel.
Use the appropriate IP addresses for your selected points of presence. These are listed in the article "IP addresses for GRE and IPsec Advanced connectivity".
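The primary/secondary option depends on how the edge device turns probe results from the connectivity monitoring address into a tunnel switch. The sketch below is an added example, not Forcepoint or device vendor code. It assumes hypothetical thresholds (3 consecutive failures to fail over, 5 consecutive successes to fail back) and assumes the device keeps probing the primary while the secondary is active.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the Forcepoint guide): consecutive probe
# results required before switching tunnels, so a single lost probe or a
# flapping link does not bounce users between points of presence.
FAIL_THRESHOLD = 3
RECOVER_THRESHOLD = 5


@dataclass
class TunnelSelector:
    active: str = "primary"
    fails: int = 0  # consecutive failed probes of the primary tunnel
    oks: int = 0    # consecutive successful probes of the primary tunnel

    def observe(self, probe_ok: bool) -> str:
        """Record one probe of the primary tunnel; return the active tunnel."""
        if probe_ok:
            self.oks, self.fails = self.oks + 1, 0
        else:
            self.fails, self.oks = self.fails + 1, 0
        if self.active == "primary" and self.fails >= FAIL_THRESHOLD:
            self.active = "secondary"
        elif self.active == "secondary" and self.oks >= RECOVER_THRESHOLD:
            self.active = "primary"
        return self.active


def replay(probes):
    """Return (probe index, from, to) for every tunnel switch in a probe history."""
    selector = TunnelSelector()
    transitions = []
    for index, ok in enumerate(probes):
        before = selector.active
        after = selector.observe(ok)
        if after != before:
            transitions.append((index, before, after))
    return transitions


# Constructed probe history: a one-probe blip, a real outage, then a
# recovery that flaps once before the primary becomes stable again.
SAMPLE = [True, True, False, True,
          False, False, False, False,
          True, False, True, True, True, True, True]

if __name__ == "__main__":
    for index, src, dst in replay(SAMPLE):
        print(f"probe {index}: {src} -> {dst}")
```

Replaying recorded probe results through logic like this before changing thresholds shows how often users would have been moved to the other point of presence.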
To decide which points of presence are best for your environment, consider:
- Which are nearest
- Any geographical or data sovereignty concerns around where users browse or where their reporting data is stored
Note
Failover behavior, particularly cross-point of presence failover, could change an end user's browsing experience. For example, some sites may change localization or presentation between a UK PoP and a German PoP (for example, www.google.co.uk might automatically redirect to www.google.de or www.google.nl, depending on which point of presence users' traffic is directed through).
Bear in mind that point of presence failover should be an exceptional occurrence, so this behavior might be acceptable in emergency circumstances.
Copyright 2022 Forcepoint. All rights reserved.