FortiGate
sferreira
Staff
Article Id 195177
Description
To provide redundancy when there is more than one VPN to the same remote destination, configure a static route through each VPN and give the static route of the primary VPN the preferred (lower) Administrative Distance.

Solution
Routing to subnet 192.168.1.0/24 is available through "VPN1" and "VPN2". The route through "VPN1" has the preferred Administrative Distance (10, the lower of the two values), so the route through "VPN2" is inactive. If "VPN1" fails, its route disappears from the active routing table and the route through "VPN2" comes up.

Two VPNs with the same Remote Destination IP (10.9.9.1):


config vpn ipsec phase1-interface
    edit VPN1
        set interface <wan_interface>
        set keylife 28800
        set peertype any
        set proposal aes128-sha1
        set dpd on-idle
        set comments ""
        set dhgrp 2
        set remote-gw 10.9.9.1
        set psksecret ENC
        set dpd-retryinterval 5
    next
end

config vpn ipsec phase1-interface
    edit VPN2
        set interface <wan_interface>
        set keylife 28800
        set peertype any
        set proposal aes128-sha1
        set dpd on-idle
        set comments ""
        set dhgrp 2
        set remote-gw 10.9.9.1
        set psksecret ENC
        set dpd-retryinterval 5
    next
end


config router static
    edit <id>
        set dst 192.168.1.0 255.255.255.0
        set device "VPN1"
        set distance 10
    next
    edit <id>
        set dst 192.168.1.0 255.255.255.0
        set device "VPN2"
        set distance 11
    next
end
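
The failover behaviour described above, modelled as an added example (not part of the original article and not Fortinet code): it parses the static-route block, picks the lowest-distance route whose tunnel is up, and flags destinations where two routes share a distance and so leave no standby. The route ids 1 and 2, the sample text and the function names are assumptions made for illustration.

```python
# Constructed sample: the article's two static routes, with ids 1 and 2 assumed for <id>.
SAMPLE = """
config router static
    edit 1
        set dst 192.168.1.0 255.255.255.0
        set device "VPN1"
        set distance 10
    next
    edit 2
        set dst 192.168.1.0 255.255.255.0
        set device "VPN2"
        set distance 11
    next
end
"""
DST = "192.168.1.0 255.255.255.0"

def parse_static_routes(text):
    """Parse a 'config router static' block into dicts: id, dst, device, distance."""
    routes, cur = [], None
    for line in text.splitlines():
        tok = line.split() or [""]          # blank lines match no keyword below
        if tok[0] == "edit":
            cur = {"id": tok[1], "distance": 10}  # 10 is the FortiOS default distance
        elif tok[0] == "set" and cur is not None:
            val = " ".join(tok[2:]).strip('"')
            cur[tok[1]] = int(val) if tok[1] == "distance" else val
        elif tok[0] == "next" and cur is not None:
            routes.append(cur)
            cur = None
    return routes

def active_route(routes, dst, up_devices):
    """Route installed for dst: lowest distance among routes whose tunnel is up."""
    usable = [r for r in routes if r.get("dst") == dst and r.get("device") in up_devices]
    return min(usable, key=lambda r: r["distance"], default=None)

def equal_distance_dsts(routes):
    """Destinations where two routes share a distance, so no route stands by as backup."""
    seen, dup = set(), set()
    for r in routes:
        key = (r.get("dst", ""), r["distance"])
        (dup if key in seen else seen).add(key)
    return sorted({dst for dst, _ in dup})

if __name__ == "__main__":
    routes = parse_static_routes(SAMPLE)
    for up in ({"VPN1", "VPN2"}, {"VPN2"}, set()):
        print(sorted(up), "->", active_route(routes, DST, up))
```

The same check can be run over a backup of the running configuration before a change window to confirm that every destination with two tunnel routes has one clearly preferred distance.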
   

Ref: Redundant route-based VPN configuration example

