Manus_Mp
New Member
January 16, 2026
Question

Site-to-site VPN failover not working


I have created 1 hub with 2 branch offices (no FortiManager). The hub has 2 ISPs with static IPs, and the branches have 2 ISPs with dialup. I created tunnels and created an aggregate tunnel, but failover is not happening. Sometimes 1 tunnel will work. Routing is also not working. Can anybody help with the best practice / document for the config?

1 reply

joshbergm
Explorer
January 16, 2026

Hi!

Make sure to use IP SLA to verify the working of the remote site.

If you're using BGP, make sure multipath is enabled.

I would recommend changing the aggregate IPsec to SD-WAN overlay. Make use of "Maximize bandwidth".

Manus_Mp
Author
New Member
January 16, 2026

Can you please share the link/doc for the configuration?

joshbergm
Explorer
January 16, 2026

For SD-WAN?

Please follow this guide:

https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-sd-branch-deployment-guide/497384/defining-sd-wan-zones-for-the-overlay

Chapters:

Deployment procedures -> WAN edge -> Overlay -> Defining SD-WAN zones for the overlay

Deployment procedures -> WAN edge -> Overlay -> Defining SD-WAN members

Deployment procedures -> WAN edge -> WAN edge intelligence -> Defining performance SLA

Deployment procedures -> WAN edge -> WAN edge intelligence -> Creating SD-WAN rules.

Good luck!