I'm trying to figure out the best way to solve an issue. We have two sites both of which of a third party router that we route traffic through for software suite. This routers just act as gateways for certain subnets and all of internal routing is left up to us. The two sites are connected via MPLS for internal network traffic as well as a backup site-to-site vpn over the internet.
What I'd like to happen is for traffic from Site A to go Router A and Site B to go to Router B. That's completely straight forward. The issue is that I would like it if one of the routers or internet connections go down, the traffic from the affected site to get routed to the other site's third party router.
I'm slightly lost on how to do this. My currently thought is that there probably is a way to do this with SDWAN and RIP/OSPF but I rather not kludge something together when there might be a better option.
Did you check FGSP clustering, not FGCP (Regular HA).
FortiGate Session Life Support Protocol (FGSP) distributes sessions between two entities, which could be standalone FortiGates , and performs session synchronization. If one of the peers fails, session failover occurs and active sessions fail over to the peer that is still operating.
The key issue you need to solve is to have a default route on both local Internet and MPLS path but MPLS side has higher admin distance like OSPF. However, the problem is it needs to be handled by the 3rd party router you don't have access.
Anything behind it like your FGT has just a single connection to the router and there is no control which way the router chooses.
<edit>Or is the MPLS circuit directly terminated at the FGT? Then it's a different story. But the topology is not clear without a diagram.</edit>
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.