Setting up redundant isps between two fortigates

Question

Hey Folks I was hoping I could get some help on the best practices on setting up 3 ISPs in an SDWAN configuration from my 100F to my 60E at a remote site that houses a few servers .

I have a 5g modem , att fiber connection and spectrum business service all plugged into my 100F firewall .

Wan1 Spectrum

IPSECTUNNEL1

Port11 ATT Business

IPSECTUNNEL2

Port12 ATT 5g

IPSECTUNNEL 3

I have 3 ipsec tunnels built between the two fortigates as well and they are all the same phase 2 selectors .

All I am trying to do is put the 3 ips into the SDWAN and have the fortigate fail over from 1 downed isp ( wan1 wi/ ipsectunell1) to the second Wan connection (Port 11, ipsectunnel2) etc . I've tried setting this up once and had issues with different communication going over different isps when all I want is all the communication going over 1 isp and one tunnell until the need to fail over. I've been knocking my head on a wall looking for this exact scenario and how to set it up the easiest way . Any help is appreciated.

AEK · Answer

You can set the SD-WAN rules like this:1st rule: Src: all. Dst: remote-subnet. Strategy: Manual. Interface: IPsec12nd rule: Src: all. Dst: remote-subnet. Strategy: Manual. Interface: IPsec23nd rule: Src: all. Dst: remote-subnet. Strategy: Manual. Interface: IPsec3Do the same on the remote FGT.Once IPsec1 is down, traffic fails-over to IPsec2, and so.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded