This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
AmirArama
Employee
Employee
2 weeks ago

I don't believe MEP configuration is relevant if you work with Route Based VPN.

if you already have two VPN Tunnels, one from each local interface to each remote interface as you described.

assuming you consider each FG IP as different peer/object, try to set static route to the remote network behind FG going via VTI1 with ping on, and then another static route with higher priority (=lower preference) via the other VTI.
once primary tunnel goes down, ping on should remove the primary route and traffic should be redirected via secondary VTI/tunnel.
(of course you can achieve similar effect using dynamic routing.)

Each FG external IP needs to be routed statically via each local interface next hop.

also disable MEP if working with route based VPN.

in R82 you will have the enhanced link selection, which can build tunnel per interface in more elegant manner.

Thanks,

(1)
Who rated this post