Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
4kusnik
New Contributor

Created on ‎07-24-2024 12:49 AM Edited on ‎07-24-2024 12:52 AM

Site-to-Site VPN with a peer over dynamically assigned name

Hi All,

 

There is an office that uses FortiGate as a router.

There is a site-to-site VPN tunnel between Azure and that office.

The office has a modem connected to the FortiGate router with 4G connection and when their primary connection is down the router fails over to the modem.

 

Because Site-to-Site VPN between resources in Azure and the on-prem network is vital for business apps when the FortiGate fails over to the 4G modem there should be also a VPN tunnel over that modem.

 

When the FortiGate fails over to 4G modem it is assigned a non-routable IP address 1.XXX.XXX.XXX and for this reason DynDNS service is used to associate 1.XXX.XXX.XXX with a DNS name.

 

Below are the screenshot of Azure side and on-prem side VPN configuration.

 

vpnonprem1.jpg

 

vpnonprem2.jpg

 

vpnonprem3.jpg

 

vpnonprem4.jpg

 

vpnonprem5.jpg

 

dyndns.jpg

 

vpnazure1.jpg

 

vpnazure2.jpg

Both Azure and FortiGate configuration for VPN over 4G were copied from working VPN configuration over primary WAN connection.

 

If someone has experience with Azure Site-to-Site VPN over 4G please advise if something is wrong in my configuration (1st screenshot).

 

Thanks in advance.

Labels:
437
0 Kudos
3 REPLIES 3
tpatel
Staff
Staff

Created on ‎07-24-2024 01:15 PM Edited on ‎07-24-2024 01:15 PM

Hello, 
First we need to check you have default active route through modem connection. 
After that check tunnel is coming up or not, according to your screenshot tunnel configuration look correct. 
Make sure you increase priority of modem tunnel route compare to primary tunnel. 


 

370
4kusnik
New Contributor

Created on ‎07-25-2024 12:07 AM

Thanks guys for your replies. 

I can only tell that Site-to-Site VPN over 4G perfectly works with another FortiGate.

344
0 Kudos
4kusnik
New Contributor

Created on ‎07-29-2024 05:54 PM

Hi All again,

 

Could you please advise what logs I should check next time I test or try to establish Azure-to-Site over 4G VPN.

281
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.