Rackmount your Fortinet --> http://www.rackmount.it/fortirack
But I have had similar issues on nodes where I have allowed failover-VPNs with lower priority; also here I have seen that sessions are " hanging" on secondary VPN-route even after primary VPN is re-etablished. This result in inconsistent routing and dropped packages.
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
For your other scenario, one way is to have different metrics for the pri and sec vpn route. You can also use OSPF on the vpn network, if you have route based VPN' sI will try to set it up with OSPF, it may be easier than I first expected. But; There are one (big?) challange here; I need to route all internet-trafic (0.0.0.0/0) from remote site via HQ due to IP-restriction on several WEB-services and -subscribtion. Today this is solved with policy based VPN in " remote" -end and interface based VPN in HQ-end. Can I use 0.0.0.0/0 (DefGW) as " Network" in OSPF and have a static route with lower metric for HQ WAN-IP.
Rackmount your Fortinet --> http://www.rackmount.it/fortirack
FG200A (OSPF-Test) # get rou info ospf nei OSPF process 0: Neighbor ID Pri State Dead Time Address Interface 10.10.88.2 1 Init/ - 00:00:38 10.255.255.238 VPN_Internal4 10.10.88.1 1 Full/ - 00:00:33 10.255.255.242 VPN_Internal3 10.10.88.2 1 Full/Backup 00:00:33 10.255.255.250 internal4 10.10.88.1 1 Full/Backup 00:00:39 10.255.255.254 internal3 FG200A-VetInst (OSPF-Test) #Part of reply on get rou info rout all
O 10.10.88.1/32 [110/110] via 10.255.255.242, VPN_Internal3, 00:20:04 [110/110] via 10.255.255.254, internal3, 00:20:04 O 10.10.88.2/32 [110/110] via 10.255.255.238, VPN_Internal4, 00:01:58 [110/110] via 10.255.255.250, internal4, 00:01:58Confusement (inconsistent) in the ip-structur, due to LAB-enviroment. I presume it will never occur in real life, SORRY . . Yngve
User | Count |
---|---|
983 | |
818 | |
446 | |
440 | |
130 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.