Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kckong
New Contributor III

Dual WAN Link, OSPF redundant VPN

Hello, My FGT-100A have two WAN lines. I have setup route based partially redundant VPN from that FGT-100A to 10 branch offices, and use OSPF for manage the route between these 11 Fortigate units. The whole network seems OK. I just want to make sure, if I set the same cost, priority, metric and distance settings for all OSPF route, will the FGT-100A select the best route to the remote office automatically. As I want to form the VPN in partially redundant and load balancing? I have review the document from knowledge base, and no any information about VPN load balance. The example in the document just guide you how to setup another OSPF tunnel as backup, with higher cost setting. Thanks Danny
2 REPLIES 2
HQS
New Contributor

Hi, do you want to have load-balancing or security failure? Imho you can not implement load balancing with OSPF, because it will only choose one of the two VPN Tunnel. Also at the same cost, priority and Metric for the different routes. The best way is to configure the VPN tunnels and then configure the OSPF with the largest possible network. For example, 10.10.0.0/16. Everything else makes the OSPF automatically. This is how it works for me! Cheers
kckong
New Contributor III

Hi, My primary object is WAN and VPN redundant, ensure that the VPN tunnels are 100% up at any time. Seems this is achieved. Thanks for your explanation Yes, the network design in my company LAN is in 10.10.0.0/16 environment, each office use 10.10.x.0/24 segment. Recently I just add one more WAN line in head office, and then change the vpn from policy based to routed base, use OSPF to change a partially meshed network to a simplify one. Thanks
Labels
Top Kudoed Authors