Hi Ryan,
if VIA is installed on all laptops in our environment, and if for whatever reason the internal IP address in the connection profile becomes unreachable (reboot of controller, hardware failure, etc.), VIA will simultaneously launch on all laptops and attempt an IPSEC connection to the controller through the Internet. Correct?
The changes of external IP address being not accessible are high when internal IP address is down. This is because both of these IPs are from the same controller. Thus the via connection attempt itself fails altogher.
And yes, if for reason only the internal IP address is not accessible, then VIA thinks it is sitting in not a trusted network and starts connection through Intranet.
But, for some reason if this happens then the connection even if established will not sustain as VIA automatically disconnect if the Internal IP address is not accessible through tunnel.
If so, is there a way to mitigate that problem? Will putting a second entry in the connection profile stop all laptops from launching VIA, should the primary entry become available?
Adding multiple entries in the connection profile for the field of internal IP address is not supported as of now.
I dont see any reliable ways to prevent internal computers from attempting connection.
You may try to restrict access to the controller's public IP from intranet.
You may try disabling auto connect feature of VIA and let users manually press the Connect button when needed.