HA failover for 2 FortiGates on separate networks & separate ISP connections
I have two separate FortiGates controlling a separate network each that have their own ISP connection (one from Comcast, the other from Verizon). I want to be able to provide a redundant internet connection between the two networks (i.e. if FortiGate 1's WAN connection to Comcast goes down, it redirects traffic to FortiGate 2's WAN connection to Verizon and vice versa).
Would this be achievable if there was a physical connection between the two FortiGates and some kind of HA configuration was set up between the two FortiGates? I would still want each FortiGate/Network to operate off of its primary ISP connection, however if one fails ideally it would automatically switch to the other. (see diagram below)
So these FGTs are in separate locations? And you can connect them using fiber?
You could accomplish what you want by having a default route advertised from each FGT across the fiber connection. If the main ISP goes down and you lose the route, you will fail over to the other FGT using the advertised route.
You could also just use static routes and SD-WAN. Or any combination of the above really. Lots of ways to do what you want.
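The static-route variant from the reply above, sketched as FortiOS CLI. This is an added example, not part of the original thread; the interface names (`wan1`, `port5`), all addresses, and the object and policy names are constructed placeholders. A link monitor withdraws the primary default route when the ISP path fails, so a higher-distance default route via the peer takes over, and the peer only forwards the other site's LAN through an explicitly scoped policy.

```text
# Constructed example: interface names, addresses and object names are placeholders.
# FortiGate 1 (FortiGate 2 mirrors this with its own values)
config system link-monitor
    edit "wan1-health"
        set srcintf "wan1"
        set server "198.51.100.10"
        set gateway-ip 203.0.113.1
        set protocol ping
        set update-static-route enable
    next
end
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
    edit 2
        set device "port5"
        set gateway 10.255.0.2
        set distance 20
    next
end

# FortiGate 2: return route and a scoped policy for Site 1 traffic
config router static
    edit 10
        set dst 10.1.0.0 255.255.255.0
        set device "port5"
        set gateway 10.255.0.1
    next
end
config firewall address
    edit "site1-lan"
        set subnet 10.1.0.0 255.255.255.0
    next
end
config firewall policy
    edit 0
        set name "site1-failover-out"
        set srcintf "port5"
        set dstintf "wan1"
        set srcaddr "site1-lan"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

FortiGate 1 also needs a policy from its LAN interface to `port5`, and the failover path should carry the same security profiles and logging as the primary one so traffic is not inspected less when it takes the backup route.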