I have this problem on a FortiGate 60F with firmware 6.4.6.
I have a server hosted in Microsoft Azure with which I communicate through an IPSec tunnel configured in the Fortigate following the instructions in this cookbook.
As a contingency, I have a second tunnel configured through the WAN interface of the secondary internet line we have in the office, to communicate with my server in case of failure or downtime of the main line. This second tunnel follows the same configuration as the first one.
The problem I am having is that, when I set up the first tunnel, it handles traffic and works on my server perfectly. When I raise the second tunnel, after a few seconds I see that the tunnels are still UP in the Forti but suddenly the connection of the first tunnel stops responding (no ping answers and I lose the navigation on the shared folders of the server).
I am totally lost and I come to you a bit desperate, could someone help me with this issue?
I don't have connectivity when only the second tunnel is up. I had taken your theory into consideration but the configuration is exactly the same as the first tunnel, so I don't understand where the error could be.
I believe you cannot use that "simple" design with termination directly to Azure VPN. The Fortigate removes routes for down tunnels and can then send traffic to the tunnel that is still up. The command "monitor" in VPN is used to keep the second tunnel down until it's needed. But Azure has no such simple method; it needs BGP to find the working way back to the customer site. A solution is to deploy a Fortigate VM in Azure, then it will work as you expect. Some reading: https://learn.microsoft.com/sv-se/azure/vpn-gateway/vpn-gateway-highlyavailable
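For readers who want to see the FortiGate-side "monitor" dependency the reply refers to, here is an added configuration sketch. It is not the reply author's or the original poster's config: tunnel names, interface names, peer address, pre-shared keys and the Azure address space are assumed placeholders, and only the lines relevant to the failover dependency are shown (the phase2 and proposal settings from the cookbook are unchanged). The `set monitor` line keeps the backup phase1 down while the primary is up, so the FortiGate never has both tunnels active at once; the static routes use the same distance with different priorities, so the backup route only carries traffic once the primary tunnel and its route are gone.

```fortios
# Added example, not from the original thread.
# Names, addresses and keys below are placeholders.
config vpn ipsec phase1-interface
    edit "AzureVPN-Primary"
        set interface "wan1"
        set remote-gw 203.0.113.10
        set psksecret <primary-psk>
    next
    edit "AzureVPN-Backup"
        set interface "wan2"
        set remote-gw 203.0.113.10
        set psksecret <backup-psk>
        # Stay down while "AzureVPN-Primary" is up; come up only when it fails.
        set monitor "AzureVPN-Primary"
    next
end

# Routes to the Azure address space (placeholder 10.1.0.0/16):
# equal distance, lower priority value preferred, so the backup
# route is used only when the primary tunnel route is withdrawn.
config router static
    edit 0
        set dst 10.1.0.0 255.255.0.0
        set device "AzureVPN-Primary"
        set distance 10
        set priority 0
    next
    edit 0
        set dst 10.1.0.0 255.255.0.0
        set device "AzureVPN-Backup"
        set distance 10
        set priority 10
    next
end
```

This only addresses the outbound side on the FortiGate. As the reply points out, the Azure VPN gateway still has to learn which path leads back to the office, which is why the reply recommends BGP or a FortiGate VM in Azure rather than two static tunnels terminating directly on the Azure gateway.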