Is there any way to make redundant IPsec VPNs by using policy-based VPNs?
The situation is that customer remote firewall have two links to the Internet and when the main link goes down, there is no commutation of traffic to the now active, backup link, needing to move it's respective policy before the downed policy to keep the traffic going between the locations.
Or just say, a route-based IPsec VPN would be enough?
Thanks!
Vitor
+1 for route based.
Create a VPN zone and put both IPSEC interfaces in the zone. You only have to create one set of policies for both VPNs now.
DPD (dead peer detection) is enabled by default, but the default value will only failover after 60 seconds. I'd recommend putting the timers down if you want the failover to happen quicker.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.