Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
oneil1987
Visitor

Created on ‎11-14-2024 05:01 AM

primary and seconary WAN connection for IPSec tunnel

Hi guys,

I am new to the field of advanced routing. In my company we have the following network construct to a branch office:

  • A dark fibre line connects 2 fortigate firewalls
  • An LTE line is to be used as a backup line
  • Both fortis are connected to each other via both lines using IPSec

At the moment the internet traffic goes over the LTE line, but in the future it should work as a backup internet line, but currently the LTE line is the internet access line for all clients in the branch office.
If we put a new default route 0.0.0.0/0 on the WAN interface with the dark fibre, both routes go down.

How do the two Fortigates have to be configured so that everything runs via the dark fibre and the LTE line is only used if the dark fibre fails?

Thank you in advance for your answers.

 

forti.jpg

Labels:
35
0 Kudos
1 REPLY 1
akumar02
Staff
Staff

Created on ‎11-14-2024 06:09 AM

Hello @oneil1987,
KIndly use this article for the redundant internet. 
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Redundant-Internet-connection-without-load...

In this article, Port 1 is considered dark fiber and Port 2 is considered LTE.

Also, Make sure you configure The Policies via Dark Fiber as well and test Internet connectivity from Dark Fiber IP address as well:

exec ping-options x.x.x.x <---------FortiGate Dark Fiber Interface IP address 
exec ping 8.8.8.8

If Ping works then the Internet connectivity is fine. 

Also, you can double-check the arp table for the Dark Fiber to have the correct Gateway IP address:

get sys arp | grep <dark fiber interface name>


Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
10
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.