Skip to main content
martyyy
martyyy
Explorer III
April 30, 2025
Question

Issue with IPsec Tunnel Recovery After WAN Failover + BGP Preference Configuration

  • April 30, 2025
  • 2 replies
  • 754 views

Hi,

 

We have the following setup:
SD-WAN with WAN1 (Fibre) and WAN2 (4G)
Two IPsec tunnels: To-Hub1 (via WAN1) and To-Hub2 (via WAN2)
Both tunnels exchange different BGP routes
There are two issues:
Fibre (WAN1) had an outage and traffic failed over to 4G.
After Fibre restored, logs showed To-Hub1 reconnecting successfully, but the tunnel remains down in the firewall.
How can we set different route preferences between these two BGP tunnels?
We want traffic to prefer To-Hub1 and only failover to To-Hub2.

 

TIA :) 

2 replies

Jean-Philippe_P
Staff & Editor
Jean-Philippe_P
Staff & Editor
May 2, 2025

Hello martyyy, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
funkylicious
SuperUser
funkylicious
SuperUser
May 2, 2025

hi,

you could create a route-map for each link and apply it outbound ( route-map-out ) on the hub that would send a different community to the spoke for each link and on the spoke to match the communities and assign a local-pref in order to influence the outbound traffic for each vpn tunnel/link. this would influence the outbound traffic from spoke to hub, to select the link outbound traffic.

 

on the hub, i would create another route-map and apply it inbound ( route-map-in ) and assign a local pref to prioritize the outbound traffic locally from the hub generated, from hub > spoke.

"jack of all trades, master of none"
    Terms & ConditionsAccessibility statement