Hi All,
To give some context, I am having challenges running the two FGTs in HA due to a WAN IP limitation with my cloud provider (I intended to run the two FGTs in 2 different datacenters to set up HA, but my CSP requires I move the WAN IP manually between the DCs during HA failover, which results in a downtime of close to 5 minutes or more, which beats the logic of having the FGTs in HA).
My main goal is to at least have two firewalls with different WAN IPs running in different DCs, both serving as gateways for the same resources/VMs, and then set up 2 SSL VPN gateways which I will deploy to users' FortiClient such that whenever one FGT is down, they can connect to the secondary VPN gateway and continue accessing internal resources.
I know this is a **bleep**ty set-up but I just want a failover mechanism at least for SSL VPN. I don't care much about IPsec VPN and I am willing to manually update the configurations?
Do you think this is possible to achieve? I would appreciate your inputs on this.
FYI, I am running the VMs on ESXi servers.
Hello,
You may consider checking whether FGSP will meet your requirement.
Alternatively, you may consider excluding certain configuration from synchronization:
Copyright 2025 Fortinet, Inc. All Rights Reserved.