I was afraid that would be the answer, than we'll have to think of an alternative plan. Probably using the 'old' VPN firewall. Not ideal, but at least it will give us some time to come up with a more permanent solution.
This is really the exemplary situation to employ VDOMs. Different customers get each a VDOM of their own (managed by you). Then you can create multiple tunnels to the same remote IP.
Of course, if the remote side is a FGT, you might see the same difficulty, as multiple tunnels are coming in from the same remote WAN IP. The easy way out is to use different WAN IP addresses (configured as secondary addresses). There is a setting in phase1 which you may set to a secondary address as the remote IP.
Thanks for your reply, I understand you completely and that is something what is planned for the future. Each customer gets it's own VDOM and own public ip subnet. But at this moment it's something I cannot implement yet. The remote gateway is an CheckPoint device and not under our control. Also we don't have extra public IP available in that subnet.
Well, if you need two distinct paths but don't have resources...would your regulations be fulfilled if you put 2 VLANs across the same tunnel? It's almost secure...
What about dial-in VPNs? Once dialled in, it doesn't make any difference to the traffic. You would just need to differentiate the tunnels by multiple peer IDs (strings). Aren't 100 home workers building 100 tunnels to the same public IP?
Well that's the thing with this setup. Would we do that we would not be in compliance with local and european regulations and maybe even more regulations. The traffic has to be strictly seperated from each other, so hence the two seperate IPSec tunnels. How the 3rd party which we are connecting to stays in compliance with regulations is from my (technical) point of view not important. Litte sidenote: it are companies that provide financial services, so very strictly regulated
But your first reply about the VDOMS is the best way for our environment and it will be implemented, I already made sure of that. The only question is when...
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.