We have a multi-location FortiGate firewall setup: an HQ location with two ISPs and a branch location with a single ISP. Both firewalls are configured with IPsec on the primary WAN.
Sometimes the HQ location's primary WAN goes down and the IPsec VPN is disconnected, so our work is affected.
We need both WANs on the HQ location firewall configured for IPsec to the branch location.
Hello @chezhiyanarumugam75 ,
You can establish an IPsec VPN tunnel for both ISP lines. After tunnel configuration, you have two options for redundancy.
- First, you can use static routes with different distances. For example, you can configure a primary tunnel distance of 10 and a secondary tunnel distance of 20. If the primary tunnel goes down, FortiGate will redirect all traffic to the secondary tunnel.
- Second, you can use SD-WAN. SD-WAN can automatically redirect all traffic between two lines.
You can review these documents for more information.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/19246/sd-wan
Hi ozkanaltas,
Thank you for your valuable guide.
I tried the above configuration and the IPsec connection is established, but the issue is that when both lines are online at the same time, the remote IPs do not communicate.
Created on 07-16-2024 05:31 AM
Hi @chezhiyanarumugam75 ,
It is normal for both IPsec networks to be online. Since routing will come into play when prioritizing here, traffic should try to pass through whichever tunnel you gave the lowest distance to. And this distance must be mutually the same.
Can you check whether the packets are trying to go to the other side with the debug command below? After running these commands, try to access the other side.
diagnose sniffer packet any 'host x.x.x.x' (x.x.x.x IP address of destination or source machine)
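The distance-based option discussed in the replies above, written out as an added configuration sketch; it is not taken from any poster's firewall. The tunnel interface names, the subnets 10.10.0.0/24 (HQ LAN) and 10.20.0.0/24 (branch LAN), and the route IDs are constructed placeholders, and the `#` lines are annotations.

```text
# --- HQ FortiGate (two ISPs, one tunnel per WAN) ---
# "to-branch-wan1" / "to-branch-wan2" are assumed IPsec tunnel interface names.
config router static
    edit 1
        set dst 10.20.0.0 255.255.255.0
        set device "to-branch-wan1"
        set distance 10
    next
    edit 2
        set dst 10.20.0.0 255.255.255.0
        set device "to-branch-wan2"
        set distance 20
    next
end

# --- Branch FortiGate (single ISP, one tunnel to each HQ WAN address) ---
# "to-hq-wan1" / "to-hq-wan2" are assumed names; distances mirror the HQ side
# so both firewalls prefer the same tunnel.
config router static
    edit 1
        set dst 10.10.0.0 255.255.255.0
        set device "to-hq-wan1"
        set distance 10
    next
    edit 2
        set dst 10.10.0.0 255.255.255.0
        set device "to-hq-wan2"
        set distance 20
    next
end
```

While the primary tunnel is up, only the distance-10 route is installed; `get router info routing-table all` on each side shows which tunnel is currently selected. Each tunnel interface also needs its own firewall policies in both directions, otherwise traffic is dropped after failover.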