Running 5.2.3. Have a HQ location and 6 satellites. Each location has an MPLS leg back to HQ. Customer would like to have link monitors on the MPLS so that if something happens in the private cloud they have IPsec failover tunnel come up. I have tried setting this up at HQ with link monitors but all the MPLS routes from HQ are via a single local gateway, so I can't update routing table based on link monitor. Am I going about it the wrong way?
Hi,
I have the same topology to my customer, and I've configured OSPF with BFD.
The convergence is very fast and the solution is very stable
Best regards
Lucas
Lucas, if there were any way you could share the pertinent pieces of the HQ and satellite configs, I'd be very grateful.
Regards.
There is a documentation about that : http://docs.fortinet.com/uploaded/files/1693/using-redundant-OSPF-routing-over-IPsec-VPN.pdf
I configured the same aera on all remote sites.
edit :
Adjust the BFD according your internet line (latency for exemple)
Yeah that's a little different than my setup, where one of the links is not IPsec but routed over MPLS. I'll see how much I can mold to that.
Thanks
You need to check with your MPLS provider if you wan to configure ospf with BFD.
but I always configure IPSEC, even the traffic is on MPLS because the traffic isn't encrypted in MPLS line..
Very good suggestions.
Keep in mind you need understand both the limits/objectives w/dynamic routing protocols and bfd & the what/where they fit in.
Keep in mind BFD to MPLS-PE might not gain you anything, due to the provider routing protocols, you can check if your MPLS provide provide lsp-pings and how they release routing information within their labels domains.
PCNSE
NSE
StrongSwan
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.