Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hiteco-Srl
New Contributor

Created on ‎02-21-2024 03:27 AM

Redundant Tunnel IPSec VPN

Hi everyone,
I should configure IPSec VPN Tunnels between two fortigates, so that they use the two WANs configured on them.

Each firewall has two WANs; one main and one secondary

 

Is there a procedure for the VPN tunnels between the two firewalls to activate if the WANs are down?

 

Thanks,

Andrea

 

Labels:
573
0 Kudos
2 REPLIES 2
hbac
Staff
Staff

Created on ‎02-21-2024 10:34 AM

Hi @Hiteco-Srl,

 

You can configure two IPsec tunnels in an SDWAN zone. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...

 

Regards, 

547
0 Kudos
Skytech1
New Contributor III

Created on ‎02-21-2024 12:13 PM

Hi Andrea,

 

You can create an both IPSec, and once you have them you can configure 2 static routes with different administrative distance (example 10 in the first tunnel, and 15 in the second tunnel), the traffic will flow through the first tunnel unless the first tunnel is down, then it will flow through the second tunnel. A recommendation to make less firewall policies is to create a Zone and add both VPNs to that zone so you manage only one firewall policy for incoming and one policy for outgoing traffic, instead of 2 policies per tunnel

537
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.