Keep VPN IPSec tunnels up
Hi all,
I would like to know whether it is possible to keep VPN IPSec tunnels up when they are linked to the backup interface (WAN2) and backup ISP.
I have an FGT60E with WAN1 (ISP 1) and WAN2 (ISP 2, backup). An IPSec tunnel to another FGT is connected on WAN1, and a different IPSec tunnel (needed as backup) to a different location is connected on WAN2.
In Static Routes, WAN1 has a lower distance (8) than WAN2 (10), and the tunnels linked to WAN2 are down. Is it possible to make them always up? Of course, the WAN2 interface is up.
I have enabled Auto-negotiate and Autokey Keep Alive.
When WAN1 goes down and WAN2 starts to pass traffic, the tunnels come up and send data with no problem.
Hi pieciaq,
If WAN2 route has worse admin distance, its route will not be active => IPsec tunnel on WAN2 will not have a route to the peer => tunnel will stay down.
You need the admin distances to be equal so that both routes are available. (but set WAN1's priority to a better value so that the primary WAN1 is used for all outgoing internet traffic, unless overridden by policy routes or SD-WAN rules)
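
The change described in the reply above, written out as FortiOS CLI (an added example, not part of the original reply). It assumes the two static routes are default routes with IDs 1 and 2 on interfaces `wan1` and `wan2`; the gateway addresses are constructed placeholders from documentation ranges, and the `#` lines are annotations to drop before pasting.

```fortios
# Before: WAN2 has the worse distance (10 vs 8), so its route is not
# installed and the WAN2 tunnel has no route to its peer.
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 8
    next
    edit 2
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
    next
end

# After: equal distance keeps both routes active; the lower priority
# value on WAN1 keeps it preferred for outgoing internet traffic.
config router static
    edit 1
        set gateway 192.0.2.1
        set device "wan1"
        set distance 10
        set priority 1
    next
    edit 2
        set gateway 198.51.100.1
        set device "wan2"
        set distance 10
        set priority 10
    next
end
```

After applying it, `get router info routing-table all` should list both default routes, and the WAN2 tunnel can then negotiate because a route to its peer exists.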
