besen89
New Contributor

WAN Failover and Loopback Interface as VPN Endpoint

Hi,

I'm on FortiOS 5.4.4 on a FortiGate 60D. Does it work to create a WAN failover with two different ISPs and use an additional external IP address on a loopback interface as the VPN endpoint?

I want to create two routes from the loopback through both ISP interfaces with different priorities. VPN connections will use the loopback as the peer. So I hope that when one ISP is down, the VPN still works because the loopback is then available through the other ISP interface.

Does it work like this or not?

MikePruett
Valued Contributor

My personal preference for redundant VPN is to have both ISP interfaces live but with different priorities (cost) like you mentioned, then to have two tunnels stood up (one per connection), and then have the routes for said tunnels live in the same manner (different priorities). So when tunnel one fails you still have tunnel 2 that your routes can fail over to.


For policy consolidation purposes I like to group the external interfaces into an OUTSIDE zone or something like that, so then I just do policy from INSIDE to OUTSIDE and it affects both tunnels and ISPs etc.

Mike Pruett Fortinet GURU | Fortinet Training Videos
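The layout Mike describes (one tunnel per ISP link, both default routes and both tunnel routes installed with different priorities), written out as an added FortiOS CLI example; this is not code from the reply or from Fortinet documentation. Interface names, gateway and peer addresses, the remote LAN 10.20.0.0/16 and the tunnel names are assumed, and the remote peer needs matching tunnels of its own.

```fortios
# Added example (assumed names/addresses): wan1 via 203.0.113.1, wan2 via 198.51.100.1,
# one IPsec tunnel bound to each WAN interface, both terminating on peer 192.0.2.10.
config vpn ipsec phase1-interface
    edit "tun-wan1"
        set interface "wan1"
        set remote-gw 192.0.2.10
        set dpd on-idle
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
    edit "tun-wan2"
        set interface "wan2"
        set remote-gw 192.0.2.10
        set dpd on-idle
        set psksecret <PRE-SHARED-KEY-PLACEHOLDER>
    next
end
config vpn ipsec phase2-interface
    edit "tun-wan1-p2"
        set phase1name "tun-wan1"
    next
    edit "tun-wan2-p2"
        set phase1name "tun-wan2"
    next
end
# Equal distance, different priority: both routes stay in the routing table and the
# lower priority value is preferred, so traffic moves to the other path only when
# the preferred interface or tunnel goes down.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
        set priority 5
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
        set priority 10
    next
    edit 3
        set dst 10.20.0.0 255.255.0.0
        set device "tun-wan1"
        set priority 5
    next
    edit 4
        set dst 10.20.0.0 255.255.0.0
        set device "tun-wan2"
        set priority 10
    next
end
```

The zone consolidation Mike mentions is the same idea applied to policy: put "tun-wan1" and "tun-wan2" into one zone under `config system zone` so a single INSIDE-to-zone policy covers whichever tunnel currently carries the route.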