All Products
Search
Document Center

Cloud Config:Dual-tunnel VPN Gateway with established active and standby tunnels

Last Updated:Jun 17, 2026

Evaluates whether a VPN gateway supports dual-tunnel mode and both the active and standby tunnels are connected. The resource is compliant if both conditions are met.

Scenarios

A dual-tunnel VPN gateway requires both the active and standby tunnels to be connected to the peer. If the active tunnel fails, traffic automatically switches to the standby tunnel, ensuring business continuity and high availability. The default risk level is high.

Risk level

Default risk level: high.

You can change the risk level as needed.

Detection logic

Checks whether a VPN gateway supports dual-tunnel mode and both the active and standby tunnels are connected. If both conditions are met, the resource is compliant.

Rule details

Parameter

Description

Rule name

Dual-tunnel VPN Gateway with established active and standby tunnels

Rule identifier

vpn-connection-master-slave-established

Automatic remediation

Not supported

Rule trigger

Configuration change

Supported resource types

ACS::VPN::VpnConnection

Input parameters

None

Remediation guidance

For more information, see Upgrade an IPsec-VPN connection to dual-tunnel mode.