I have a Fortigate 300C v4mr3 patch10. I have 68 remote sites using Fortiwifi 60C and have sitetosite VPN tunnels connecting to the 300C. The WAN1 on the 300C is a 50meg up and down FIOS connection. The VPN tunnels are used for the remote sites to connect to terminal servers to get a full desktop. When browsing from these terminal sessions they go out the same WAN1 port. I want to bring in another internet connection from Comcast connect it to WAN2 port and redirect all http traffic out of WAN2 and only use WAN1 if WAN2 goes down.
The next step Is then setup the 60Câ€™s with a secondary VPN tunnel that points to the WAN2 port of the 300C and failover to this when the 1st tunnel goes down.
You don' t need a secondary tunnel from each of the remote locations. If they are configured to use the head office 300C as their default gateway then once you have a second link on the 300C the remote locations will be good to go.
It' s easy to add a backup WAN link - just plug it into WAN2, configure a second default route under Router->Static Route, and give it a different priority than the main link (click the advanced button when adding the route).
You can also use Policy routes to force specific traffic out specific interfaces if you like.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.