I have two Fortigate 500E's in separate locations (primary site and failover site) that connect to each other via ISP link. I have 7 branch locations that connect to both sites (primary and failover) via the same link. Each 500E has it's own independent Internet connection and I would like to create a failover connection, so if the primary site goes down, all branch gates route to the failover site instead. Because they are all connected via the same link, I only have one WAN port. I set each WAN port to have a secondary address which matches the failover site LAN. I am looking for suggestions on how to configure the branch gates to automatically re-route to the failover site if connection to the primary site is lost.
Network config:
Primary gate: Primary IP 10.0.0.1 / Secondary IP 20.0.0.1
Failover gate: 20.0.0.2
Branch A WAN 1: Primary IP 10.0.0.4 / Secondary IP 20.0.0.4
Branch B WAN 1: Primary IP 10.0.0.5 / Secondary IP 20.0.0.5
Branch C WAN 1: Primary IP 10.0.0.6 / Secondary IP 20.0.0.6
Etc...
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It's no mandatory, but if you have several site. it's more easy and quickly.
The easiest way is to do according to your practice.
Hi,
Just for confirmation, the indicated primary and secondary IPs correspond to the IPs of the tunnel interfaces ( for be used in bgp neighbor group) ?
If yes, you could add ibgp multipath and a SLA rules to check a Loopback in each HeadQuarter Site, + add rules sdwan.
Best regards,
Correct. The WAN port on each branch device is the tunnel interface and those are the IPs assigned. I am not using BGP, just static routes. Should I use BGP instead?
It's no mandatory, but if you have several site. it's more easy and quickly.
The easiest way is to do according to your practice.
Thank you for your help Julien. I will set my focus on iBGP.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1099 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.