robdog
New Contributor II

Multiple BGP AS

Anyone know if it is possible to have the FortiGate connect to multiple BGP AS?

If so, does this have to be done by creating additional VDOMs?

What I want to do is configure IPsec VPNs to two separate AWS environments via BGP.

 

Cheers

funkylicious
SuperUser

Your requirement seems quite simple.

If your ISP1 fails, traffic should route towards ISP2, while having IPsec tunnels ending/created on both links and preferring the ISP1-IPsec tunnel for the remote site, and if ISP1 fails, traffic should exit towards the internet on ISP2 and ISP2-IPsec for the remote site.

One thing you can do is configure a link-monitor: https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/360563/dual-internet-connect...

Another thing you can do is to configure an SD-WAN zone for underlay (Internet traffic / ISP interfaces) and overlay for IPsec tunnels (IPsec interfaces, one for each WAN link).

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/942095/sd-wan-members-and-zo...

---------------------------
geek
---------------------------
uskvishnu90

You understand my requirement correctly, but a small correction: my internet traffic has to go through ISP1 and, in case of failure, automatically fail over to ISP2. Two IPsec tunnels are configured using ISP1 & ISP2, and my intranet traffic has to go specifically through the ISP2 tunnel. How can I achieve this using BGP? Please help me.

Regards

Vishnu (Network_Team is my official id)
