I have a FGT60B (site 1) with two WANs that connect over PPPoE (ADSL - dyndns on both) connected via IPSEC to a FGT50B (site 2) which has WAN1 connected as a static IP over FTTH.
There are two IPSEC tunnels from each WAN on the FGT60B to the FGT50B.
What I'd like to have is a redundant IPSEC tunnel.
If I disconnect WAN1 on the FGT60B all traffic goes without any problem to IPSEC on WAN2.
Now the problem arises on the FGT50B as the firewall policy for the tunnel with WAN1 on the FGT60B is higher than the WAN2 policy and is not allowing any traffic to go back to FGT60B.
Is there a way to make these firewall rules "parallel" or another way of making the redundancy work?
Thanks in advance
You will need to use interface mode VPN for this setup to work properly!
- Create interface mode based vpn tunnels.
- Setup the correct routing (OSPF is in my opinion the best way to deal with that)
- Group VPN interfaces into a zone
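
A sketch of the first and third steps on the FGT50B side, as an added example that is not part of the original posts and not Fortinet's own configuration. The tunnel names, zone name, DDNS hostnames, the "internal" interface and the address objects "site1-lan" and "site2-lan" are assumptions, option names can differ between FortiOS releases, and the routing step (OSPF or static routes over both tunnels) is not shown.

```fortios
# FGT50B (site 2), constructed example: two interface-mode tunnels to the FGT60B's two DDNS WANs
config vpn ipsec phase1-interface
    edit "s1-wan1"
        set type ddns
        set interface "wan1"
        set remotegw-ddns "site1-wan1.example.net"
        set psksecret <pre-shared-key>
    next
    edit "s1-wan2"
        set type ddns
        set interface "wan1"
        set remotegw-ddns "site1-wan2.example.net"
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "s1-wan1-p2"
        set phase1name "s1-wan1"
    next
    edit "s1-wan2-p2"
        set phase1name "s1-wan2"
    next
end
# One zone holds both tunnel interfaces, so one policy pair covers whichever tunnel is up
config system zone
    edit "vpn-site1"
        set interface "s1-wan1" "s1-wan2"
    next
end
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "vpn-site1"
        set srcaddr "site2-lan"
        set dstaddr "site1-lan"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    edit 0
        set srcintf "vpn-site1"
        set dstintf "internal"
        set srcaddr "site1-lan"
        set dstaddr "site2-lan"
        set action accept
        set schedule "always"
        set service "ANY"
    next
end
```

Because the policies reference the zone rather than a single tunnel, policy order no longer decides which tunnel return traffic may use; the routing table does. Narrowing the service and address objects to what the sites actually exchange keeps the tunnel policies least-privilege.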