Skip to main content
rlshd
rlshd
New Member
March 29, 2024
Question

Configuring S2S link over dedicated link

  • March 29, 2024
  • 2 replies
  • 1183 views

Hello, 

Currently i have 2 branch offices connected with IPSEC site-to-site link, and all was working flawlessly.

Last time ISP proposed to us to setup a dedicated link for us.

Now everything is setup on ISP side, and we have deisgnated VLAN. Isp Prepared untagged port on their devices in both locations. 

Now im looking for the most efficent way to set this up. I would like to not use IPSEC over that link, to avoid bottlenecks. Link for the most part will be used to transfer VM backups between sites.

We would like to keep ipsec tunnel through WAN interfaces as a backup for connectivity. 

I Have 40F devices on both sides

2 replies

ozkanaltas
ozkanaltas
Valued Contributor III
March 29, 2024

Hello @rlshd ,

 

You can use the ipsec tunnel on your wan interface and dedicated interface. If you want to create a backup connection on the wan link you have two options for that. 

 

You can configure sd-wan or link monitor. If you want to get more information about that, you can review these documents. 

 

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/647723/link-monitor-with-route-updates

 

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/19246/sd-wan

 

hbac
Staff
hbac
Staff
March 30, 2024

Hi @rlshd,

You can have 2 tunnels, 1 through WAN and 1 through the dedicated link. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implement-IPsec-Backup-Tunnel/ta-p/245084

 

Regards, 

Terms & ConditionsAccessibility statement