primary and secondary WAN connection for IPSec tunnel
Hi guys,
I am new to the field of advanced routing. In my company we have the following network construct to a branch office:
- A dark fibre line connects 2 FortiGate firewalls
- An LTE line is to be used as a backup line
- Both fortis are connected to each other via both lines using IPSec
At the moment the internet traffic goes over the LTE line, but in the future it should work as a backup internet line, but currently the LTE line is the internet access line for all clients in the branch office.
If we put a new default route 0.0.0.0/0 on the WAN interface with the dark fibre, both routes go down.
How do the two Fortigates have to be configured so that everything runs via the dark fibre and the LTE line is only used if the dark fibre fails?
Thank you in advance for your answers.
Hello @oneil1987,
Kindly use this article for the redundant internet.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Redundant-Internet-connection-without-load...
In this article, Port 1 is considered dark fiber and Port 2 is considered LTE.
Also, make sure you configure the policies via Dark Fiber as well and test Internet connectivity from the Dark Fiber IP address as well:
exec ping-options source x.x.x.x <--------- FortiGate Dark Fiber interface IP address
exec ping 8.8.8.8
If the ping works then the Internet connectivity is fine.
Also, you can double-check the arp table for the Dark Fiber to have the correct Gateway IP address:
get sys arp | grep <dark fiber interface name>
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: FCA, FCF, FCP-NS, FCSS-NS
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
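A sketch of the failover setup the answer points to, as an added example that is not part of the original post or the linked article: two default routes with different administrative distances, plus a link monitor that withdraws the dark fibre route when its probe fails. The interface names follow the answer (port1 = dark fibre, port2 = LTE); the gateway addresses and the monitor name are placeholders, and the `#` lines are annotations.

```text
# Assumed placeholders: 192.0.2.1 = next hop on dark fibre, 198.51.100.1 = next hop on LTE.
config router static
    edit 1
        # Preferred default route via dark fibre (lower distance wins)
        set dst 0.0.0.0 0.0.0.0
        set device "port1"
        set gateway 192.0.2.1
        set distance 10
    next
    edit 2
        # Backup default route via LTE, installed only when route 1 is withdrawn
        set dst 0.0.0.0 0.0.0.0
        set device "port2"
        set gateway 198.51.100.1
        set distance 20
    next
end

config system link-monitor
    edit "darkfibre-mon"
        # Probe a remote host through port1; interface link state alone does not
        # detect a failure further along the path.
        set srcintf "port1"
        set server "8.8.8.8"
        set gateway-ip 192.0.2.1
        set protocol ping
        # Remove static routes using port1 when the probe fails
        set update-static-route enable
    next
end

# Verify which default route is installed and the monitor state:
# get router info routing-table all
# diagnose sys link-monitor status
```

With unequal distances only the port1 default route is in the routing table while the dark fibre is healthy, so traffic that must leave via port2 at the same time (for example the backup IPSec tunnel) needs its own route; using equal `distance` values with different `priority` values keeps both routes installed while still preferring port1.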
Hi akumar,
thanks for the link. I'll have a look at it this week. I don't know how it will work out this week to make the changes, but I will definitely give feedback as soon as I have tackled the whole thing and hopefully been able to implement it.
Thank you, oneil1987
Thanks oneil1987,
Please keep us posted.