bashrael
New Contributor

failover vpn

Hi All,

I have a FortiGate 60E running v6.0.2 build0163. (And willing to upgrade if necessary)

I have an SD-WAN configured on it with wan1 and wan2 on different ISPs.

 

On wan1 I created a dial-up VPN.

This all works good.

 

Now would it be possible to create a 'failover VPN'? So when wan1 goes down the VPN client automatically tries to connect to wan2?

End goal is the VPN keeps working if wan1 or wan2 goes down.

I could create two dial-up VPNs but that makes it more complicated for the end users.

 

Any ideas or pointing me in the good direction?

Thanks!

sw2090
SuperUser

I don't think this can be done with the FGT alone. You would have to have a VPN for each WAN (I never checked up to now if you could bend a VPN to SD-WAN) to be able to dial in on each WAN. It could thus use the same credentials/keys or certificate(s).

 

To be able to fail over without having to have multiple dial-in tunnels on the client side you will need more.

The FGT itself cannot do this so you have to do it via DNS. The client should then use an FQDN you define as server.

This would thus require static IP addresses on your WANs and you having an internet domain plus access to its DNS entries. Then you can set it up to do DNS Round Robin by simply creating one A record for each WAN IP with the same subdomain. DNS will then check the first one and if that IP doesn't respond it will time out after 30 sec and try the next A record for that subdomain.

This would then likely kill your VPN connection when the WAN you're currently connected to goes down and would require you to reconnect the VPN, but you would not need to have more than one dial-up tunnel to the FGT.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
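
Added example, not part of the reply above and not Fortinet code: a small Python simulation of the round-robin setup described in the reply, showing how long a new connection waits on dead addresses when one WAN is down. The addresses are constructed documentation-range values, `is_up` is a hypothetical probe, and the model assumes the client tries the returned addresses in order with the 30-second timeout quoted above.

```python
# Constructed sample data: documentation-range addresses standing in for the
# static IPs of wan1 and wan2, both published as A records for one name.
A_RECORDS = ["203.0.113.10", "198.51.100.10"]
TIMEOUT_S = 30  # per-address wait quoted in the reply above


def rotated_answers(records, queries):
    """Yield the answer list for each query the way a round-robin DNS
    server does: same records, start position shifted by one each time."""
    for i in range(queries):
        k = i % len(records)
        yield records[k:] + records[:k]


def connect(answer, is_up, timeout_s=TIMEOUT_S):
    """Try each address in answer order. `is_up` is a hypothetical probe
    (address -> bool) standing in for a real tunnel negotiation.
    Returns (gateway or None, seconds spent waiting on dead addresses)."""
    waited = 0
    for addr in answer:
        if is_up(addr):
            return addr, waited
        waited += timeout_s
    return None, waited


def simulate(records, down, queries=4):
    """Run `queries` fresh connection attempts with the addresses in
    `down` unreachable; return the list of (gateway, delay) results."""
    def is_up(addr):
        return addr not in down
    return [connect(ans, is_up) for ans in rotated_answers(records, queries)]


if __name__ == "__main__":
    # wan1 is down: every other attempt hits the dead record first.
    for gw, delay in simulate(A_RECORDS, down={"203.0.113.10"}):
        print(f"connected via {gw} after {delay}s of timeouts")
```

With two records and one WAN down, roughly every second new connection pays the full timeout before reaching the surviving gateway, and an already established tunnel on the failed WAN still has to be re-dialled.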
