Hello, Please take a look at the diagram. The requirement is for
Server-1 to connect to Server-2. I need some suggestions for the issue.
The 'Local Gateway" for the tunnel is a public IP defined inside the
LAN. So the ISP doesn't matter for the "loca...
I have 2 Fortigate 601E. X1 has our private IP range and X2 has our
public IP range.Each of these is connected to 2 separate ISPs. So I
cannot run full HA. I run vrrp on X1 and X2 interfaces.I have put the
vrrp of both X1 and X2 in the same group. Th...
That was the initial question. When you create a tunnel you need to
specify the egress interface. So when the ISP "swings", the tunnel will
still try to work on the original (ISP1) egress.
Hello, We run BGP with both the ISPs. So I can influence the inbound and
outbound on FGT-1 and FGT-2. So, as long as FGT is VRRP master,
everything (traffic as well as the active tunnel) can be controlled. But
when the FGT-2 becomes the VRRP master, ...
Hello @hbac the remote end is not FortiGate. So, depending on which ISP
is the primary, for both inbound and outbound, that will be the ONLY
active tunnel. The other tunnel will be showing as down, right?
Thank you All. The solution that I think fits the best is the redundant
interface between the firewall and the switch. 1. Firewall-1 connects to
SW1 and SW2 and we make it a redundant port. Thus you will have a
private redundant interface as well as ...