Checks whether the dual-tunnel mode is supported for the VPN gateways and whether the active and standby tunnels are connected. If both conditions are met, the evaluation result is considered compliant.
Scenarios
An enterprise configures a dual-tunnel VPN gateway and ensures that both the active and standby tunnels are connected to the peer. If the active tunnel fails, traffic automatically switches to the standby tunnel, which preserves business continuity and high availability of data transmission. This configuration is evaluated as "Compliant". The default risk level of the rule is high.
Risk level
Default risk level: high.
You can change the risk level as needed.
Detection logic
Checks whether the dual-tunnel mode is supported for the VPN gateways and whether the active and standby tunnels are connected. If both conditions are met, the evaluation result is considered compliant.
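The two conditions above, written out as an added example (not Cloud Config's own rule code). The configuration layout, the `role` values `master`/`slave`, and the connected status `ipsec_sa_established` are assumptions made for this sketch, and the sample items are constructed.

```python
# Field names and values below are assumptions for this sketch,
# not the documented Cloud Config schema.
CONNECTED = "ipsec_sa_established"    # assumed status of a connected tunnel
REQUIRED_ROLES = {"master", "slave"}  # assumed labels: active / standby tunnel


def evaluate_vpn_connection(item):
    """Return (compliance, reason) for one ACS::VPN::VpnConnection item."""
    if item.get("resourceType") != "ACS::VPN::VpnConnection":
        return "NOT_APPLICABLE", "not an IPsec-VPN connection"

    tunnels = item.get("configuration", {}).get("tunnels") or []
    by_role = {}
    for t in tunnels:
        by_role.setdefault(t.get("role"), []).append(t)

    # Condition 1: dual-tunnel mode, i.e. exactly one active and one standby tunnel.
    if set(by_role) != REQUIRED_ROLES or any(len(v) != 1 for v in by_role.values()):
        return "NON_COMPLIANT", "connection is not in dual-tunnel mode"

    # Condition 2: both tunnels are connected to the peer.
    down = sorted(r for r, v in by_role.items() if v[0].get("status") != CONNECTED)
    if down:
        return "NON_COMPLIANT", "tunnel not connected: " + ", ".join(down)
    return "COMPLIANT", "active and standby tunnels are connected"


def _item(*tunnels):
    """Build a constructed sample item from (role, status) pairs."""
    return {"resourceType": "ACS::VPN::VpnConnection",
            "configuration": {"tunnels": [{"role": r, "status": s} for r, s in tunnels]}}


# Constructed sample items (not real resources).
SAMPLES = {
    "vco-both-up": _item(("master", CONNECTED), ("slave", CONNECTED)),
    "vco-standby-down": _item(("master", CONNECTED), ("slave", "ike_sa_not_established")),
    "vco-single-tunnel": _item(("master", CONNECTED)),
}

if __name__ == "__main__":
    for name, item in SAMPLES.items():
        print(name, *evaluate_vpn_connection(item))
```

A connection whose standby tunnel is down is reported as non-compliant even though traffic still flows over the active tunnel, because failover would not work.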
Rule details
| Parameter | Description |
| --- | --- |
| Rule name | Dual-tunnel VPN Gateway with established active and standby tunnels |
| Rule identifier | |
| Automatic remediation | Not supported |
| Rule trigger | Configuration change |
| Supported resource types | ACS::VPN::VpnConnection |
| Input parameters | None |
Remediation guidance
For more information, see Upgrade an IPsec-VPN connection to dual-tunnel mode.