Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Head office has 3 WAN connections. One is used for Internet access only; the other two are used for redundant VPN connections (one of them has a lower metric in the routing table).

.. Weird ... Did you try this approach? Let's suppose that your remote network accessible by VPN is 10.10.10.0/24. Assuming you're working with route-based redundant VPNs, you'll have at least 3 static routes to remote networks:
config router static
    edit 1
        set device "PortX"
        set distance 10
        set dst 0.0.0.0 0.0.0.0
    next
    edit 2
        set device "mainVPN"
        set distance 5
        set dst 10.10.10.0 255.255.255.0
    next
    edit 3
        set device "redundantVPN"
        set distance 6
        set dst 10.10.10.0 255.255.255.0
    next
end

I noted that sometimes (especially with dynamically addressed WANs) a problem arises when mainVPN goes down: redundantVPN doesn't take over quickly and the routing table is not correctly updated. The symptom is that traffic to the remote network 10.10.10.x starts to flow to the default Internet route. This setting apparently solved the issue: add a blackhole route with a lower metric than the default one but higher than the VPN ones; in the terms of the above example it would be:
config router static
    edit 4
        set blackhole enable
        set distance 7
        set dst 10.10.10.0 255.255.255.0
    next
end

This avoids traffic going to the Internet while the VPNs do their work. Hope it helps.
regards
/ Abel
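As an added illustration (not part of Abel's post and not Fortinet code), the following Python model approximates the route selection the post relies on: longest prefix match first, then the lowest administrative distance among routes whose interface is up. It shows that with both tunnels down, 10.10.10.0/24 traffic falls to the default route without the blackhole entry and is dropped with it. The Route class, the table contents and the helper names are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Route:
    dst: str          # destination prefix, e.g. "10.10.10.0/24"
    device: str       # egress interface; "blackhole" means traffic is dropped
    distance: int     # administrative distance, lower is preferred
    up: bool = True   # whether the interface/tunnel is currently usable


def select_route(table, dest_ip):
    """Simplified static-route selection: among routes that are up and
    contain dest_ip, pick the longest prefix, then the lowest distance.
    Returns the egress device name, or None if nothing matches."""
    ip = ipaddress.ip_address(dest_ip)
    candidates = [r for r in table
                  if r.up and ip in ipaddress.ip_network(r.dst)]
    if not candidates:
        return None
    best_len = max(ipaddress.ip_network(r.dst).prefixlen for r in candidates)
    longest = [r for r in candidates
               if ipaddress.ip_network(r.dst).prefixlen == best_len]
    return min(longest, key=lambda r: r.distance).device


def build_table(with_blackhole):
    """Constructed table mirroring the post: default route on PortX,
    primary and backup tunnel routes, and optionally the blackhole entry."""
    table = [
        Route("0.0.0.0/0", "PortX", 10),
        Route("10.10.10.0/24", "mainVPN", 5),
        Route("10.10.10.0/24", "redundantVPN", 6),
    ]
    if with_blackhole:
        # Distance 7: worse than both tunnels, better than the default route
        table.append(Route("10.10.10.0/24", "blackhole", 7))
    return table


def egress_when_tunnels_down(with_blackhole):
    """Where does remote-network traffic go while both tunnels are down?"""
    table = build_table(with_blackhole)
    for r in table:
        if r.device.endswith("VPN"):
            r.up = False
    return select_route(table, "10.10.10.5")
```

Without the blackhole route the remote-network traffic is routed out PortX (the Internet) during the outage; with it, the traffic is dropped until a tunnel route returns.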
Copyright 2024 Fortinet, Inc. All Rights Reserved.