HA failover for 2 FortiGate's on separate networks & separate ISP connections

clehman · ‎04-27-2023

I have two separate FortiGates controlling a separate network each that have their own ISP connection (one from comcast, the other from Verizon). I want to be able to provide a redundant internet connection between the two networks (i.e. if FortiGate 1's WAN connection to comcast goes down, it redirects traffic to FortiGate 2's WAN connection to Verizon and vice versa).

Would this be acheivable if there was a physical connection between the two FortiGates and some kind of HA configuration was setup between the two FortiGates? I would still want each FortiGate/Network to operate off of its primary ISP connection, however if one fails ideally it would automatically switch to the other. ( see diagram below)

FortiGate

gfleming · ‎04-27-2023

So these FGT's are in separate locations? And you can connect them using Fiber?

You could accomplish what you want by having a default route advertised from each FGT across the fiber connection. If the main ISP goes down and you lose the route you will failover to the other FGT using the advertised route.

You could also just use static routes and SD-WAN. Or any combination of the above really. Lots of ways to do what you want.

Cheers,
Graham

clehman · ‎04-27-2023

Yes, they are two separate buildings but they are right next to each other and have conduit between the buildings with fiber connections. Appreciate the suggestions!