Overview

Multiple tunnels can be created for fail over or load balance purposes.

For ASA/FTD:

The IP address is used as a unique VPN Peer ID for the tunnel.  You must utilize different egress IPs for each tunnel.  You can terminate both tunnels to the same Umbrella DC if desired.

For other devices that support FQDN VPN ID:

Multiple tunnels can be created behind the same egress IP if "User FQDN" VPN ID is used to identify the tunnel. 

• Configure the Network tunnel using the 'Other' profile in (Deployments > Network Tunnels) in Umbrella. 
• This allows you to optional configure an FQDN to be used as the Tunnel ID, instead of IP address.
• Reconfigure your device to use the configured "User FQDN" peer ID. (eg. site1@12345678-987654321-umbrella.com)

The tunnels can optionally terminate at the same Umbrella DC.  For instance, if the tunnel ID are site1@12345678-987654321-umbrella.com and site2@12345678-987654322-umbrella.com. They can terminate on the same head-end.