gilbertog
New Contributor

Full Mesh VPN

Hi,

I'm new in this world, but I got a project where I need to connect some Fortigates between a VPN connection.

I have researched a lot, but I'm a bit confused. In fact, I need to connect every Fortigate with all of the rest of the company, but they need to maintain communication if that link were broken. I mean, set up the Fortigate to choose dynamically which tunnel is the best one to go.

I think I already know how to do the tunneling, but I'm not sure if only connecting them by a Full Mesh topology of tunnels they will have that redundancy.

Thanks and Regards

Toshi_Esumi
Esteemed Contributor II

A VPN is just a circuit connecting point A to point B. Almost nothing is different from connecting two points with a p2p leased circuit in your case. The question is how to provide redundancy with multiple paths available at each location. Routing protocols are for that purpose. You need to decide which one best suits your purpose and design property.
gilbertog

Hi,

So I need to configure a routing protocol in the Fortigate?

Thanks for answering.

Toshi_Esumi
Esteemed Contributor II

I didn't mention an important aspect when I posted my reply from an airport about to get on my flight 7 hrs ago.

The topology of the network doesn't have to be full mesh, depending on how many failures the network can tolerate in addition to how many locations (nodes) you have, like one circuit down, two circuits down simultaneously, and so on. For example, a ring topology like A<->B<->C<->D<->A can cover a single circuit failure as long as the routing protocol is working properly. That's a fun part of network design :)
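
The trade-off discussed in this thread, as an added example that is not part of any poster's reply: the Python sketch below counts how many simultaneous tunnel failures a VPN topology survives before some site becomes unreachable, comparing the ring A<->B<->C<->D<->A with a full mesh and a hub-and-spoke layout. The site names, the helper names and the assumption that a routing protocol always finds any remaining path are constructed for illustration.

```python
from itertools import combinations

def is_connected(nodes, links):
    """True if every site can still reach every other site over the given tunnels."""
    nodes = list(nodes)
    if not nodes:
        return True
    adj = {n: set() for n in nodes}
    for a, b in links:
        adj[a].add(b)
        adj[b].add(a)
    seen, stack = {nodes[0]}, [nodes[0]]
    while stack:
        for nxt in adj[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return len(seen) == len(nodes)

def tolerated_failures(nodes, links):
    """Largest k such that ANY k tunnels can fail at once without isolating a site.

    Assumes the routing protocol converges onto whatever path remains.
    Brute force over failure combinations, fine for a handful of sites.
    """
    links = list(links)
    if not is_connected(nodes, links):
        return -1  # already partitioned with every tunnel up
    for k in range(1, len(links) + 1):
        for down in combinations(range(len(links)), k):
            remaining = [l for i, l in enumerate(links) if i not in down]
            if not is_connected(nodes, remaining):
                return k - 1
    return len(links)

def ring(nodes):
    """Each site tunnels to the next one, the last back to the first."""
    return [(nodes[i], nodes[(i + 1) % len(nodes)]) for i in range(len(nodes))]

def full_mesh(nodes):
    """One tunnel between every pair of sites."""
    return list(combinations(nodes, 2))

def hub_and_spoke(nodes):
    """Every site tunnels only to the first site (the hub)."""
    return [(nodes[0], n) for n in nodes[1:]]

SITES = ["A", "B", "C", "D"]  # constructed site names

if __name__ == "__main__":
    for name, build in (("ring", ring), ("full mesh", full_mesh), ("hub-and-spoke", hub_and_spoke)):
        links = build(SITES)
        print(f"{name}: {len(links)} tunnels, survives {tolerated_failures(SITES, links)} failure(s)")
```

For four sites the ring needs 4 tunnels and the full mesh 6, so the extra tunnels buy tolerance of one more simultaneous failure.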