In my environment (dealing with two FortiGates), what I did to configure a VPN failover was to configure two identical VPNs (on the FortiGate side), one with the interface set to wan1 and the other with wan2.
Once that is done, if you edit the backup VPN through the CLI, there is a setting "set monitor ' '" which allows you to set the failover VPN in monitor mode with respect to the other one.
So, for example:
- VPN-Headquarter (wan1)
- VPN-Backup (wan2)
Enter the CLI:

    config vpn ipsec phase1-interface
        edit VPN-Backup
            set monitor 'VPN-Headquarter'
        next
    end

With that done, you will see only the primary one up. If the wan1 interface goes down, the backup one will come up.
Hopefully this configuration will help you.
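
As an added example (not part of the original post), the following check can be run over a saved configuration backup to confirm that every tunnel using `set monitor` points at a tunnel that exists and sits on a different interface. The function names `parse_phase1` and `check_failover` are hypothetical, and the sample text is constructed from the tunnel names in the post.

```python
import shlex

# Constructed excerpt of a config backup; tunnel names follow the post.
SAMPLE = """\
config vpn ipsec phase1-interface
    edit "VPN-Headquarter"
        set interface "wan1"
    next
    edit "VPN-Backup"
        set interface "wan2"
        set monitor "VPN-Headquarter"
    next
end
"""

def parse_phase1(text):
    """Return {tunnel: {setting: value}} from the phase1-interface section."""
    tunnels, current, depth = {}, None, 0   # depth 1 = inside the section
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:                  # multi-line or oddly quoted value
            continue
        if not tok:
            continue
        if tok == ["config", "vpn", "ipsec", "phase1-interface"] and depth == 0:
            depth = 1
        elif depth and tok[0] == "config":
            depth += 1                      # nested table inside a tunnel entry
        elif depth and tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = tunnels.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:])
    return tunnels

def check_failover(tunnels):
    """Return problems found in monitor-based failover pairs."""
    problems = []
    for name, cfg in tunnels.items():
        primary = cfg.get("monitor")
        if primary is not None and primary not in tunnels:
            problems.append(f"{name}: monitored tunnel {primary} is not defined")
        elif primary is not None and tunnels[primary].get("interface") == cfg.get("interface"):
            problems.append(f"{name}: same interface as {primary}")
    return problems
```

An empty list from `check_failover(parse_phase1(text))` means each backup tunnel monitors a defined primary on a separate interface.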