To give some context, I am having challenges running the two FGTs in HA due to a WAN IP limitation with my cloud provider (I intended to run the two FGTs in 2 different datacenters to set up HA, but my CSP requires I move the WAN IP manually between the DCs during HA failover, which results in a downtime of close to 5 minutes or more, which beats the logic of having the FGTs in HA).
My main goal is to at least have two firewalls with different WAN IPs running on different DCs, both serving as gateways for the same resources/VMs, and then set up 2 SSL VPN gateways which I will deploy to users' FortiClient such that whenever one FGT is down, they can connect to the secondary VPN gw and continue accessing internal resources.
I know this is not an ideal set-up but I just want a failover mechanism at least for SSL VPNs. I don't care much about IPSec VPNs and I am willing to manually update the configurations.
Do you think this is possible to achieve? I would appreciate your inputs on this.
I think FGSP clustering instead of the FGCP clustering may be the ideal solution for you.
FortiGate Session Life Support Protocol (FGSP) distributes sessions between two entities, which could be standalone FortiGates or an FGCP cluster, and performs session synchronization. If one of the peers fails, session failover occurs and active sessions fail over to the peer that is still operating. This failover occurs without any loss of data. Also, the external routers or load balancers will detect the failover and re-distribute all sessions to the peer that is still operating. FortiGates in both entities must be the same model and must be running the same firmware. ref: https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/796662/fgsp-fortigate-session...
It is possible to run two FortiGate (FGT) virtual machines (VMs) concurrently in an environment such as ESXi servers. This setup can provide redundancy and failover capabilities for your SSL VPN gateways.