Hiteco-Srl
New Contributor

Redundant Tunnel IPSec VPN

Hi everyone,
I should configure IPSec VPN tunnels between two FortiGates, so that they use the two WANs configured on them.

Each firewall has two WANs: one main and one secondary.

 

Is there a procedure for the VPN tunnels between the two firewalls to activate if the WANs are down?

 

Thanks,

Andrea

 

hbac
Staff

Hi @Hiteco-Srl,

 

You can configure two IPsec tunnels in an SDWAN zone. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...

 

Regards, 

Skytech1
New Contributor III

Hi Andrea,

 

You can create both IPSec tunnels, and once you have them you can configure 2 static routes with different administrative distances (for example, 10 on the first tunnel and 15 on the second tunnel). The traffic will flow through the first tunnel unless the first tunnel is down; then it will flow through the second tunnel. A recommendation to reduce the number of firewall policies is to create a Zone and add both VPNs to that zone, so you manage only one firewall policy for incoming and one policy for outgoing traffic, instead of 2 policies per tunnel.
