nictan
New Contributor

Internal static route failover

Hi there,

 

I have one FortiGate 60D unit with the static routes below.

0.0.0.0 0.0.0.0     x.x.x.x     WAN1

10.10.20.0/24      192.168.1.254  internal1

10.10.20.0/24                             VPN tunnel

 

192.168.1.254 is the IP of the ISP router which points to my branch.

And I have a VPN tunnel link to my FortiGate 60D at my branch.

The problem is: can I configure failover to use the VPN in case my ISP router goes down?

Nils
Contributor II

I don't know why you should use VDOM for this...?

But yes you can configure failover for a route. You can ping your ISP gateway and when the gateway goes down you'll use your VPN connection instead.

Again, this has nothing to do with VDOM.

nictan
New Contributor

I don't think there is a need for VDOM.

 

Furthermore, the static route I need does not point to WAN (it is another network).

echo
Contributor II

You should configure the routes so that the primary has a smaller distance and the backup (tunnel) has a bigger distance number. Right-clicking the titles of columns allows you to select both distance and priority in the routing table, so it's more convenient to see that information. Also, from my experience, when I create two tunnels, one primary and one backup (using different ISPs), then in the IPsec tunnels' configuration the Dead Peer Detection option has to be set. Even though you don't have two tunnels directly, you may have to use it in your tunnel.
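
The failover discussed in this thread, written out as FortiOS CLI configuration (an added example, not posted by any participant). It assumes FortiOS 5.4 or later syntax; the tunnel interface name "branch-vpn", the link-monitor name "isp-router", the route IDs and the distance values are hypothetical.

```fortios
# Primary route to the branch via the ISP router: the lower distance wins.
# Backup route over the IPsec tunnel: higher distance, so it stays out of
# the routing table while the primary route is present.
# Route IDs 1 and 2 and the name "branch-vpn" are hypothetical.
config router static
    edit 1
        set dst 10.10.20.0 255.255.255.0
        set gateway 192.168.1.254
        set device "internal1"
        set distance 10
    next
    edit 2
        set dst 10.10.20.0 255.255.255.0
        set device "branch-vpn"
        set distance 20
    next
end

# Ping the ISP router from internal1. When the probes fail, the static
# route through that gateway is withdrawn and the tunnel route takes over.
# The monitor name "isp-router" is hypothetical.
config system link-monitor
    edit "isp-router"
        set srcintf "internal1"
        set server "192.168.1.254"
        set protocol ping
        set gateway-ip 192.168.1.254
        set update-static-route enable
    next
end

# Dead Peer Detection on the tunnel, so a dead peer is noticed and the
# tunnel is not left as a black hole for the backup route.
config vpn ipsec phase1-interface
    edit "branch-vpn"
        set dpd on-idle
    next
end
```

After the ISP router is taken down, `get router info routing-table all` should show 10.10.20.0/24 through the tunnel interface instead of internal1. Firewall policies for the tunnel interface must already permit the branch traffic, otherwise the backup route is installed but the traffic is still dropped.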
