Hey sims,
Asymmetric routing is always problematic in any environment and I would suggest fixing the root issue of the routing instead of trying to make it work like that. That being said... Do you need to use the VDOM link between VDOM-A and VDOM-Root as a transit link in the event that R1 or R2 has an issue? Are you using OSPF with the VDOM link? If so, you can add cost to the VDOM link OSPF interfaces on each VDOM so that they won't be used unless there's an issue with the "main" link. See this document for more information: https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-advanced-routing-54/Routing_OSPF/Con...
Hope this helps,
Sean (Gr@ve_Rose)
Site: https://tcpdump101.com
Twitter: https://twitter.com/Grave_Rose
Reddit: https://reddit.com/r/tcpdump101
Hi,
Thanks for the reply . but what if we need an active /active deployment
Thanks
Hey sims,
So you want traffic hitting VDOM-A to load balance out a physical interface of VDOM-A as well as go across the VDOM link to exit out of a physical interface on VDOM-Root? Do I have that right?
Sean (Gr@ve_Rose)
Site: https://tcpdump101.com
Twitter: https://twitter.com/Grave_Rose
Reddit: https://reddit.com/r/tcpdump101
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.