Technical Tip: Tuning Redundant S2S VPN

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 206366

Description

This article describes that, create two s2s VPN tunnel on each ISP link, the failover taking too long.

Scope

IPsec VPN.

Solution

Change the value below to speed up the failover process for IPsec tunnel.

# config vpn ipsec phase1-interfac
edit <Tunnel Name>
set dpd-retrycount X
set dpd-retryinterval Y
end

By default X=3 and Y=20, it will take up 50seconds in total.
Change the Y value to 5, so that it takes 15 seconds to failover.

789

Contributors

ychia
Anthony_E

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Terms of Service
Privacy Policy
GDPR
Cookie Settings

Technical Tip: Tuning Redundant S2S VPN

You are leaving our website