I currently have a firewall at HQ with a static ip and a dial-up vpn configuration for a remote site (remote site initially had a dhcp WAN address) and then that site is set to tunnel all traffic back through HQ. If I'd like to move this a configuration where that remote site (which now has a static WAN ip and is also getting a secondary ISP) is able to connect to the HQ FGT using either of it's 2 ISPs and still do a route all vpn, is this the best link to follow:
and if so, would I to also include the settings in the section "Creating a Backup IPsec Interface"
Created on 04-21-2022 05:16 PM Edited on 04-21-2022 05:17 PM
Not sure if different admin distance would work for policy routes. Because if the distance is different, only highest ones show up in routing table.
You can see that behavior for both AD and priority in "get router info routing-table all".
User | Count |
---|---|
991 | |
829 | |
462 | |
440 | |
132 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.