Hi All,
I've read the existing posts and reviewed the cookbook videos...but I haven't seen a good example of our configuration. We have two 100Ds in HA in two different buildings. Each location has a separate ISP (Level3 in one building and ATT in the other). We bring the ISP drops into a Cisco stack on two separate VLANs (run through fiber between the buildings), then run an LACP trunk out to the FortiGates in each building. The LACP carries a VLAN (1000, 1001) for each ISP. Both VLANs currently come into a Zone (untrusted internet). We had static/policy routes in place to switch between the main ISP and in the event of failure move to the other; load balancing is not required - would be nice to have. For some reason or another (still waiting for Fortinet to explain) we had problems with our IPSec not starting when using the policy routes (they had us remove them and the IPSec tunnel works again). Diagram attached...
I tried to configure the VLAN interfaces into a virtual WAN, but they aren't an option in the config. So, short of running fiber connections between the buildings to the wan1/wan2 ports, does anyone have an idea how to configure this? We are not looking for full redundancy in each building for every connection; right now we only want to provide the capability to use one or the other ISP (and have our IPSec tunnel work).
ron