oswalt
New Member
July 29, 2025
Question

3 ISPs, one FortiGate - IPSEC VPN config?


We have one FortiGate (well, 2 in an HA failover setup). We've had just one ISP, but are adding another fiber provider and a cellular one.

For years, our FortiClients have connected to our one IPSEC VPN (HQVPN) which is on the port Spectrum comes in on.

So what is the better way to add these additional ISPs? We plan on using the cellular one mostly for remote FortiExtenders - no more campers on the interstate catching on fire, melting the fiber, and taking us offline :) But we'd like the end user to be able to connect via either fiber ISP.

Do we just need to clone our HQVPN and bind the new copy to the port for Conexon? And then just push the second option (HQVPN2) out via FortiEMS to the FortiClients? This could help because we do have some users whose path to us has issues, and it would allow them to switch if that became an issue. Do we need to adjust anything else on the VPN settings?

Thanks. Figured it'd be better to ask first before testing!

1 reply

adambomb1219
SuperUser
July 29, 2025

That's one way, but then the users have to manually select. The other way is to use a DNS GSLB like FortiADC, F5, Cloudflare, etc. and intelligently change the DNS response based on which ISP is up/down or based on load.