mvoight
New Contributor

Fortigate to other firewall with 2 WANs

Hello all,

A client we're working with has a Fortigate firewall (we don't have any to test with). We have two WAN connections and have a site to site VPN set up with them from WAN1 to their WAN. Is there an option in their firewall to add in a "secondary WAN address" for the VPN?

I know there's an option like this in our firewall where we can set the VPN to a primary gateway address (WAN1) and we could add in a secondary gateway address (WAN2), so I figured there would be an option in a Fortigate as well.

Toshi_Esumi
Esteemed Contributor III

No. But you can set up another IPSec from the same location to WAN2 interface, then set up a link-monitor on the primary VPN. You need to have two sets of static routes (if not using a routing protocol) with higher distance or priority toward the backup VPN. When the link-monitor's pinging to the other end of the tunnel fails, those primary static routes would be removed to take the backup path. When it comes back up, they would be reinstated to resume the original routing.

You need to set up the same on both ends.
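
A FortiOS CLI sketch of the setup described in the reply above, added here as an example and not posted by any participant in the thread. The tunnel names, the 192.0.2.0/24 remote subnet and the monitor target are constructed placeholders, and both IPsec tunnel interfaces are assumed to exist already.

```text
# Constructed example: names and addresses are placeholders.
# Assumes two IPsec tunnel interfaces already exist on the FortiGate:
#   "vpn-primary" -> remote WAN1, "vpn-backup" -> remote WAN2
# Lines starting with # are annotations for the reader.

config router static
    edit 1
        # Preferred route to the remote LAN through the primary tunnel
        set dst 192.0.2.0 255.255.255.0
        set device "vpn-primary"
        set distance 10
    next
    edit 2
        # Same destination via the backup tunnel; the higher distance keeps
        # it out of the routing table while route 1 is installed
        set dst 192.0.2.0 255.255.255.0
        set device "vpn-backup"
        set distance 20
    next
end

config system link-monitor
    edit "mon-vpn-primary"
        set srcintf "vpn-primary"
        # Host behind the remote end that answers ping through the tunnel
        set server "192.0.2.1"
        set protocol ping
        # Withdraw static routes that use vpn-primary while the probe fails
        set update-static-route enable
    next
end
```

Firewall policies have to permit the traffic on both tunnel interfaces, otherwise the backup path comes up in routing but drops the sessions.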

sw2090
Honored Contributor

In my experience here this even works without the link monitor. I never used link monitors and my VPNs do routing prio based fallback even without.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
