Hello Team,
We have 2 datacenters across different states (kano / abuja) and we want to deploy one of our HA Availability each to different locations due to redundancy. Please keep in mind we have a VPN tunnel accross.
Please i need someone to help and guide me on how to achieve that in steps .
Regards,
Firdausi Nababa
Hi ,
There are few configuration which needs to enabled when setting up a HA in a ipsec vpn configured firewalls as below :
1. session-pickup under HA settings
config vpn ipsec phase1-interface
edit (vpn-name)
set ha-sync-esp-seqno enable
end
2. ha-sync-esp-seqno under IPsec phase1-interface settings
config system ha
set session-pickup enable
end
The below docs will help you in understanding the requirement for enabling the commands :
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/111309/ipsec-vpn-in-an-ha-environment
https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-in-HA-Environment/ta-p/195849
Regards,
Roshan
@rvijayaraj wrote:Hi ,
There are few configuration which needs to enabled when setting up a HA in a ipsec vpn configured firewalls as below :
1. session-pickup under HA settings
config vpn ipsec phase1-interface
edit (vpn-name)
set ha-sync-esp-seqno enable
end
2. ha-sync-esp-seqno under IPsec phase1-interface settings
config system ha
set session-pickup enable
end
The below docs will help you in understanding the requirement for enabling the commands :
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/111309/ipsec-vpn-in-an-ha-environment
https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-in-HA-Environment/ta-p/195849
Regards,
Roshan
Thanks for this - much appreciated!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.