Hi folks,
I'd like to use an Active-Active HA cluster to fail over and fail back when the primary WAN link goes down.
Currently I have an internal IP 192.168.1.99/24 on interface internal1
Active-Active HA is configured with heartbeat on the DMZ and Internal7 ports.
I have the primary WAN link configured on WAN1 and this also connects to multiple IPSEC VPNs. One of the IPSEC tunnels connects to a datacenter, and over this VPN the primary DNS server at the datacenter is used.
I have a secondary ADSL link configured on WAN2 and policies in place to allow internet access. However, as we're using the datacenter DNS server (we need to use this to allow internal style DNS names whilst the VPN is up) name resolution breaks when WAN1 goes down. We'd like the IPSEC tunnels to come up on WAN2 when WAN1 goes down.
Currently the static route in place is for WAN1 to have a lower distance (10) than WAN2 (20). So everything operates fine while WAN1 is up.
What we would like to happen is that if WAN1 goes down, the IPSEC tunnels come up on the WAN2 service instead (failover), and when WAN1 comes back to use that link as preferred (fail back).
All IPSEC tunnels are currently policy based and we'd prefer to leave them that way. Will we need to reconfigure all of them as dial up in order to reconnect under WAN2 when that is in use? How would we go about allowing the VPN tunnels to connect, as they are all bound to WAN1 at the moment? Would I set up another set of VPN tunnels for the WAN2 interface?
If someone can let me know how we can do this, it would be appreciated!
Thanks
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1711 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.