Hello everyone,
I have Active/Active FortiGate firewalls behind a load balancer in an Azure environment, so my external load balancer has only one public IP. My question is: how can my on-premise FortiGate firewall establish a site-to-site VPN?
When I configure the site-to-site VPN on FortiGate-A everything is fine, but as soon as I configure FortiGate-B, the tunnel goes down!
Thanks,
A
Hi @alihmp2005,
If FortiGate-A and FortiGate-B are in an HA active-active cluster, you only need to configure the VPN on the primary and it will synchronize to the other.
Regards,
Hi hbac,
Thanks for your answer, but they are not in an HA cluster; both of them are active and the ELB distributes the traffic.
So you are load balancing traffic to two FortiGates which are not in HA. That doesn't make sense to me. When creating the IPsec tunnel on FortiGate A and B, you need to select 'This site is behind NAT'. On the on-prem FortiGate, select 'Remote site is behind NAT' and enable the following options:
config vpn ipsec phase1-interface
    edit <name>
        set net-device enable
    next
end
config vpn ipsec phase2-interface
    edit <name>
        set route-overlap allow
    next
end
Regards,
Thanks hbac for your answer, but if instead of an on-premise FortiGate I create an Azure VPN gateway (Virtual Network Gateway + Local Network Gateway), how should I configure that?
Thanks