I have 2 Fortigate 601E. X1 has our private IP range and X2 has our public IP range.
Each of these is connected to 2 separate ISPs. So I cannot run full HA. I run vrrp on X1 and X2 interfaces.
I have put the vrrp of both X1 and X2 in the same group. This way if X1 fails over, X2 will fail over as well.
I run full BGP with each ISP and announce my public IP.
I prepend the inbound via Fortigate2 to make sure that all the internet traffic comes to fortigate1. Outbound traffic will take fortigate1 because of VRRP.
Now the question,
1. When X1/X2 fails over, I want to failover the incoming traffic from the internet to ISP2 on Fortigate 2. Otherwise, the incoming traffic will hit Fortigate1 and get blackholed. Outbound traffic won't have an issue because of vrrp.
2. What is the best design to accommodate a situation where Fortigate1 reboots and comes back in 2-3 minutes? (Should I keep Fortigate2 as master even when Fortigate1 comes up? This again will cause an issue with BGP failover, as internet routing for my public IP will take some time to failover to Fortigate2.)
3. What is the best design to make sure to accommodate the situation where the master ISP goes down?
4. Do you run iBGP between the FortiGate over my own private subnet or my own public subnet?