FG-70F to able to support two IPsec VPN in active active mode via different ISP

mayur07p · ‎09-02-2024

Need to understand if the FG-70F in my hand can be able to support two IPSEC VPN via WAN interfaces connected to two different ISP in active active mode (with load balancing).

This is branch and at central side we have other FG with different model but same motive.

Please let me know how is it possible to implement this.

ajoy · ‎09-02-2024

Hello,

Are you able to provide more information. Like a topology, are these members part of SDWAN zone.

Please check the following article for redundant :

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/432685/manual-redundant-vpn-configurati...

You can definitely check by unsetting monitor main_VPN in the documentation

 set monitor main_vpn

Regards,

ajoy

mayur07p · ‎09-03-2024

Hi Ajoy,

In our case the two sites are geo separated (different country) for example HQ1 in India and HQ-2 in USA is this solution feasible?

Toshi_Esumi · ‎09-02-2024

If you want simply load-balance between two paths and don't want to manipulate much, I would recommend IPsec Aggregate below:
https://docs.fortinet.com/document/fortigate/7.2.9/administration-guide/779544/packet-distribution-a...

Toshi

mayur07p · ‎09-03-2024

Hi Toshi,

LB with different internet link (different BW) will work in this case?

if yes then its good for me

Toshi_Esumi · ‎09-03-2024

It doesn't matter what kind of internet circuits those are as long as each has reachability to the other end.

Toshi

FG-70F to able to support two IPsec VPN in active active mode via different ISP

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website