Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Alex2000
New Contributor III

Created on ‎05-03-2024 11:33 PM

Ensuring VPN redundancy

I have 2 VPN servers. I configure them in the list when setting up the VPN client. If the first server is unavailable, the client does not connect to the second server. Am I doing something wrong?

image.png

Labels:
1974
0 Kudos
1 Solution
Alex2000
New Contributor III

Created on ‎05-07-2024 02:32 AM

7.0.7 it is work !!!!!

 

new version bug !

View solution in original post

1633
0 Kudos
17 REPLIES 17
funkylicious
SuperUser
SuperUser

Created on ‎05-04-2024 01:45 AM Edited on ‎05-04-2024 01:49 AM

Hi,

I assume that each DNS entry resolves in a different IP ?

If so, on the FGT itself do you have two static routes for 0.0.0.0/0 or a sdwan config ?

 

L.E. under ssl vpn settings, you have both IPs listed under listening on interface ?

"jack of all trades, master of none"
"jack of all trades, master of none"
1167
Alex2000
New Contributor III
In response to funkylicious

Created on ‎05-04-2024 02:24 AM

made up addresses, for example. But in my case, yes - these are 2 different fortigates. They both work if you use them by swapping them in the list. But if I turn off the first one in the list, the client does not try to connect to the second one in the same list

1149
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎05-04-2024 04:03 AM

hmm, not sure about multiple remote gateways from different devices how and if it would/should work, only multiple links on the same device.

"jack of all trades, master of none"
"jack of all trades, master of none"
1130
Alex2000
New Contributor III
In response to funkylicious

Created on ‎05-04-2024 04:37 AM

After all, the manufacturer has made it possible to add multiple VPN connections. Why are they needed then?

1121
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎05-04-2024 05:12 AM

for this scenario i guess

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-enable-SSL-VPN-Access-for-two-diffe...

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-Redundancy/ta-p/189668?externalID=...


what you are trying to do in your case might work and maybe something else is not working/configured as it should on both devices

"jack of all trades, master of none"
"jack of all trades, master of none"
1117
Alex2000
New Contributor III
In response to funkylicious

Created on ‎05-05-2024 03:04 AM

Apparently you do not understand the essence of the question. Everything is fine between the two fortigates. The client does not attempt to connect to the second one if there is no connection with the first Fortigate. I have 2 different Fortigates in different country data centers

1048
0 Kudos
funkylicious
SuperUser
SuperUser
In response to Alex2000

Created on ‎05-06-2024 12:25 AM Edited on ‎05-06-2024 12:26 AM

Most likely I've misunderstood your issue since you mentioned 2 FGTs.

So, if I understand correctly both DNS entries are different links on the same device and you have 2 such devices with similar issues and when the first configured remote gw configured in FCT is shutdown or disabled, the 2nd remote gw is not being selected/used, is that correct ?

If so, is the sslvpn portal available, can it be reached/accessed for the 2nd one when the first is unavalable ?

You can also have a look at this, if its not already enabled https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/1...

"jack of all trades, master of none"
"jack of all trades, master of none"
1002
hbac
Staff
Staff

Created on ‎05-06-2024 07:27 AM

Hi @Alex2000,

 

I tested in my lab and it worked. Are you able to resolve the second FQDN from the client? Can you run packet sniffer on the second FortiGate to see if it receives the traffic or not. 

 

di sniffer packet any 'port 10443' 4 0 l

 

Regards, 

983
Alex2000
New Contributor III
In response to hbac

Created on ‎05-06-2024 08:31 AM


I can use IP addresses instead of DNS, this is not a problem.

 

Untitled.jpg

 

969
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.