IPSec VPN link-monitor (Amazon AWS VPC)
Hi everyone,
I'm new here and I was trying to find a way to configure my Amazon AWS VPC tunnels correctly.
I use a FortiGate 100E (v5.6.5 build1600 (GA)) and the configuration requested by Amazon needs 2 IPSec tunnels with the gwdetect/link-monitor function (to switch from the primary tunnel to the second if the first one is under maintenance).
I'm able to mount the 2 tunnels and route traffic through them, but my issue is that I didn't find the function to automatically switch between them on my FortiGate (GUI or CLI).
I asked Google for "gwdetect" (seems to be replaced by link-monitor) and "link-monitor" but didn't find how I can activate this function... Anyone able to give me a hand?
Thank you
Hi,
Finally, someone told me how to find the link-monitor function! (It's only available in CLI)
When you access your FortiGate by CLI (SSH), you have to go to the "vdom" side.
You can find the link-monitor function under:
#config vdom
#edit root
#config system link-monitor
For the AWS VPC connection, you also need to set 2 options on your VPN interfaces:
#config vdom
#edit root
#config system interface
#edit VPNInterfaceName
#set tcp-mss 1379
#config l2tp-client-settings
#set mtu 1427
Regards,
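
An added example, not part of the original posts: one link-monitor entry per AWS tunnel in the root VDOM, entered at the same CLI location the reply above gives. The interface names aws-tun1 and aws-tun2, the entry names, the timer values and the 169.254.x.x probe addresses are constructed placeholders (assumptions); take the real tunnel inside addresses from the configuration file AWS generates for your VPN connection.

```fortios
config vdom
    edit root
        config system link-monitor
            # Probe the AWS side of tunnel 1 through the tunnel itself.
            edit "aws-tun1-mon"
                set srcintf "aws-tun1"            # placeholder interface name
                set server "169.254.10.1"         # placeholder AWS inside IP
                set protocol ping
                set interval 5                    # seconds between probes
                set failtime 3                    # lost probes before "down"
                set recoverytime 5                # good probes before "up"
                # When the probe fails, withdraw static routes that use
                # aws-tun1 so the routes through aws-tun2 take over.
                set update-static-route enable
            next
            # Same check for tunnel 2, so a failure there is also detected.
            edit "aws-tun2-mon"
                set srcintf "aws-tun2"            # placeholder interface name
                set server "169.254.11.1"         # placeholder AWS inside IP
                set protocol ping
                set interval 5
                set failtime 3
                set recoverytime 5
                set update-static-route enable
            next
        end
    next
end
```

For the switch-over to happen, the VPC prefix needs a static route through each tunnel interface, with the second tunnel's route less preferred, so that it carries traffic only once the first route is withdrawn.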