muellerr64
New Contributor

Dual ISP redundancy

Hi All,

 

I've read the existing posts and reviewed the cookbook videos... but I haven't seen a good example of our configuration. We have two 100Ds in HA in two different buildings. Each location has a separate ISP (Level3 in one building and ATT in the other). We bring the ISP drops into a Cisco stack on two separate VLANs (run through fiber between the buildings), then run an LACP trunk out to the FortiGates in each building. The LACP carries a VLAN (1000, 1001) for each ISP. Both VLANs currently come into a Zone (untrusted internet). We had static/policy routes in place to switch between the main ISP and, in the event of failure, move to the other; load balancing is not required - would be nice to have. For some reason or another (still waiting for Fortinet to explain) we had problems with our IPSec not starting when using the policy routes (they had us remove them and the IPSec tunnel works again). Diagram attached...

 

I tried to configure the VLAN interfaces into a virtual WAN, but they aren't an option in the config. So short of running fiber connections between the buildings to the wan1/wan2 ports, anyone have an idea how to configure this? We are not looking for full redundancy in each building for every connection; right now we only want to provide the capability to use one or the other ISP (and have our IPSec tunnel work).

 

ron

muellerr64
New Contributor

Assuming I have to run additional connections between buildings, would this be the best way to connect the devices in order to use WAN Link Load Balancing?

 

ron
