
How can I set up primary and backup S2S VPN tunnels?

Question asked by Jacques Speliers on Jan 16, 2018
Latest reply on Jan 23, 2018 by VENKAT S P


1 local Checkpoint R80.10 gateway cluster (site L1) needs to establish a primary site-to-site tunnel to a remote Fortinet gateway (site R1) having HostA and HostB. A secondary remote site (R2) exists housing HostC sync'ed from R1 HostA. There is a "link" between R1 and R2 managed by the Vendor. The L1 gateway needs to have a backup/secondary site-to-site tunnel to R2 in the event the R1 gateway is not available.


Users behind L1 access HostA and HostB through the primary tunnel to R1. Users behind L1 access HostC at R2 via the primary tunnel to R1 and then the link to R2.


Question: For us to have automatic failover of traffic destined to HostA, HostB and HostC to flow over the secondary tunnel, would configuring route statements on the gateway's OS with different priority work?

                  hostA  nexthop gw X    priority1  (flows over tunnel to R1)

                  hostA  nexthop gw Y    priority2  (flows over tunnel to R2)


Would the gw IP be the actual Fortinet IP or would it be an IP within the tunnel?


Note: This setup would be extended to another local site (L2) to provide redundancy in the event of losing L1.