axel_gonzalez_FTNT
Staff
March 10, 2021

Technical Tip: How a FortiManager can manage a FortiGate via Redundant WAN interfaces


Description

Limitation: FortiManager associates only a single management IP address with a managed FortiGate at any given time.

Traditionally this is the WAN IP address of the FortiGate. But what happens when that WAN interface on the FortiGate (or the path to that interface) is down?

Normally, FortiManager would have to wait until the FortiGate has reestablished the connection.

This article explains how to use SD-WAN and IPsec to provide multiple redundant paths over which FortiManager can reestablish the FGFM tunnel to the IP address on the LAN interface of the FortiGate, instead of the WAN interface.

Note: This approach can also be applied to a loopback interface on the FortiGate.
 


Scope
This article describes the implementation of redundancy using IPsec VPN.

Solution

 
 

More information is available in the following articles:

How to control/change the FortiGate source IP for self-originating traffic: SNMP, Syslog, FortiAnalyzer, Alert Email, FortiManager
IPSEC Wizard in Device Manager (in FortiManager New Features Guide, v6.2).

 

Related Articles

Technical Tip: How to control/change the FortiGate source IP for self-originating traffic: SNMP, Syslog, FortiAnalyzer, Alert Email, FortiManager

Technical Tip: Adding Multiple FortiGate to FortiManager using the same Public IP