Fortigate to other firewall with 2 WANs
Hello all,
A client we're working with has a Fortigate firewall (we don't have any to test with). We have two WAN connections and have a site to site VPN set up with them from WAN1 to their WAN. Is there an option in their firewall to add in a "secondary WAN address" for the VPN?
I know there's an option like this in our firewall where we can set the VPN to a primary gateway address (WAN1) and we could add in a secondary gateway address (WAN2), so I figured there would be an option in a Fortigate as well.
No. But you can set up another IPSec from the same location to WAN2 interface, then set up a link-monitor on the primary VPN. You need to have two sets of static routes (if not using a routing protocol) with higher distance or priority toward the backup VPN. When the link-monitor's pinging to the other end of the tunnel fails, those primary static routes would be removed to take the backup path. When it comes back up, they would be reinstated to resume the original routing.
You need to set up the same on both ends.
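A FortiOS CLI sketch of the layout described in the reply above, added here as an illustration and not part of the original post. It assumes two phase-1 interfaces already exist; the tunnel names `vpn-wan1` and `vpn-wan2`, the remote subnet 192.168.50.0/24 and the probe address 192.168.50.1 are constructed placeholders.

```fortios
# Assumed names: "vpn-wan1" = existing tunnel to the peer's WAN1,
# "vpn-wan2" = second IPsec tunnel to the peer's WAN2.
# All addresses are constructed placeholders.

config router static
    # Primary route to the remote subnet: lower distance, preferred.
    edit 10
        set dst 192.168.50.0 255.255.255.0
        set device "vpn-wan1"
        set distance 10
    next
    # Backup route: higher distance, installed only once the primary is gone.
    edit 11
        set dst 192.168.50.0 255.255.255.0
        set device "vpn-wan2"
        set distance 20
    next
end

config system link-monitor
    # Ping a host behind the far end through the primary tunnel.
    edit "vpn-wan1-mon"
        set srcintf "vpn-wan1"
        set server "192.168.50.1"
        set protocol ping
        set failtime 5
        set recoverytime 5
        # Withdraw static routes via vpn-wan1 while the probe fails,
        # and reinstate them when it recovers.
        set update-static-route enable
    next
end
```

Firewall policies must permit the same traffic over both tunnel interfaces, otherwise the backup route will be installed but the traffic dropped.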
In my experience this even works without the link monitor. I never used link monitors and my VPNs do routing prio based fallback even without.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
