Evaluates whether a VPN gateway supports dual-tunnel mode and both the active and standby tunnels are connected. The resource is compliant if both conditions are met.
Scenarios
A dual-tunnel VPN gateway requires both the active and standby tunnels to be connected to the peer. If the active tunnel fails, traffic automatically switches to the standby tunnel, ensuring business continuity and high availability. The default risk level is high.
Risk level
Default risk level: high.
You can change the risk level as needed.
Detection logic
Checks whether a VPN gateway supports dual-tunnel mode and both the active and standby tunnels are connected. If both conditions are met, the resource is compliant.
Rule details
|
Parameter |
Description |
|
Rule name |
Dual-tunnel VPN Gateway with established active and standby tunnels |
|
Rule identifier |
|
|
Automatic remediation |
Not supported |
|
Rule trigger |
Configuration change |
|
Supported resource types |
ACS::VPN::VpnConnection |
|
Input parameters |
None |
Remediation guidance
For more information, see Upgrade an IPsec-VPN connection to dual-tunnel mode.