This article describe the steps to use VPN/MPLS as a backup by walking you through an example setup.

The MPLS/VPN failover will only work when MPLS is configured on a WAN zone and not on any other zone.

The following sections are covered:

1. MPLS to IPSec Failover

2. IPSec to MPLS Failover

Example Setup:

Head Office UTM

The Head Office UTM has been configured with Eth0 as LAN, Eth1 as WAN and Eth2 as WAN.

The MPLS link has been terminated on WAN (Eth2).

Seqrite LAN Network:

Seqrite WAN IP: (Connected to HO MPLS router)

Seqrite WAN IP:

Branch Office UTM

The Branch Office UTM has been configured as follows:

Seqrite LAN Network:

Seqrite WAN IP: (Connected to BO MPLS router)

Seqrite WAN IP:


1. MPLS to IPSec Failover

Configure the IPSec connection between Head Office and Branch Office, refer to the article 

http://esupport.seqrite.com/support/solutions/articles/23000013895-how-to-establish-a-site-to-site-ipsec-vpn-connection-using-a-pre-shared-keys-in-utm  for details on how to establish an IPSec VPN.

In this scenario MPLS link would be primary and IPSec will be configured as backup of MPLS.

As soon as MPLS link will go down, IPSec will come up automatically and Connection would be there using IPSec VPN.


Once the MPLS link gets restored or it is up then IPSEC VPN will automatically go down and MPLS link would work as Primary.

MPLS static Route and MPLS is configured as WAN interface.

Configured IPSec as backup of MPLS.

Under Link Failover setting please select MPLS interface or whatever WAN interface you have configured as Primary. In our case MPLS is Primary and its WAN interface IP is Then select rest of the parameter for configuring VPN.

2. IPSEC to MPLS Failover


In this scenario customer’s MPLS link would work as secondary and IPSEC will be configured as Primary VPN.

Customer needs to configure Site to Site IPSEC VPN as Primary and MPLS route too.

Once VPN connection will go down then all the VPN traffic will shift to MPLS route and connection will be up.

Configured MPLS as backup of IPsec.

Please contact Seqrite Technical Support for more assistance.