Roaming

If the main IP address of a client changes, interface roaming maintains the logical connection. The client tries to reconnect on every interface change. It stays in Reconnecting status until the network connection is returned or roaming times out.

Disconnect when connectivity to network is lost:

  • No - Roaming is set with unlimited timeout. The client keeps trying to reconnect until the session times-out.

  • Configured on the endpoint client - Default client configuration sets this option to false, so roaming is unlimited by default. If you create a client MSI that enabled the Disconnect option for clients, roaming is limited to the set time-out (default is 2 minutes).

  • Yes- Roaming is limited by a time-out that is 2 minutes by default. The client will give up on Roaming after the time-out passes and will fail the connection. If the time-out is set to 0, the client does not try to reconnect automatically after the main IP address changes.

You can configure how long the client will continue to roam until it fails the connection.

To configure the roaming timeout:

  1. Close all SmartConsole windows.

  2. Connect with Database Tool (GuiDBEdit Tool) to Security Management Server

  3. In the upper left pane, go to the Global Properties -global_properties.

  4. In the upper right pane, select firewall_properties.

  5. Press CTRL+F (or go to the Search menu - Find) - paste endpoint_vpn_implicit_disconnect_timeout - click Find Next.

  6. In the lower pane, right-click the endpoint_vpn_implicit_disconnect_timeout - select Edit... - enter the number of minutes that you want clients to roam before failing the connection - click OK.

Note - Some gateways do not accept zero value for this setting.

  1. Save the changes: go to the File menu - click Save All.

  2. Close the Database Tool (GuiDBEdit Tool).

  3. From the SmartConsole, install the policy on the Security Gateways.