I am researching getting another ISP into our building for redundancy and i would like to know a little more about setting up an Active / Passive failover on my SSG20.
From what i read doing a google search, it seems like (and please correct me if i am wrong) i just need to set a route in either Source or Destination routing with the backup ISP to a higher metric than my primary ISP.
so...
destination gateway interface Preference Metric
0.0.0.0/0 ISP1 Eth0/0 20 1
0.0.0.0/0 ISP2 Eth0/1 20 2
But as far as my route based VPNs, would i also have to do something similar to the example above but with my VPNs?
destination gateway interface Preference Metric
Facility 1 Eth0/0 tunnel.1 20 1
Facility 1 Eth0/1 tunnel.2 20 2