City Research Online

Abstract

Reliable failover performance is a critical factor in maintaining the availability of site-to-site virtual private networks (VPNs). This study presents a comparative analysis of failover times among four leading firewall vendors: Fortinet, Check Point, Palo Alto Networks, and Cisco. A controlled test environment was designed to evaluate how different configuration parameters and default settings influence the time required for VPN tunnels to recover after a link or device failure. The results highlight significant variations in failover behavior across vendors, with differences attributed to IPsec rekeying mechanisms, detection timers, and session handling strategies. By identifying the configurations that achieve the lowest failover times, this research provides practical guidance for network administrators and security engineers seeking to optimize high-availability VPN deployments. In addition, the study emphasizes the importance of fine-tuning IKE parameters to minimize downtime. The findings suggest that vendor specific optimizations play a greater role than hardware capacity in achieving fast recovery. Future work may extend this analysis by incorporating cloud-based firewalls and hybrid WAN environments for a broader perspective.

Publication Type:	Conference or Workshop Item (Paper)
Additional Information:	© IEEE 2025. All rights reserved.
Publisher Keywords:	Site-to-Site VPN, Failover Time, IPsec, IKE, Firewall Vendors
Subjects:	Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Departments:	School of Science & Technology School of Science & Technology > Department of Computer Science
SWORD Depositor:	Symplectic Administrator

Export

Downloads