FortiGate Backup VPN

You can configure a route-based VPN that acts as a backup facility to another VPN. It is used only while your main VPN is out of service. This is desirable when the redundant VPN uses a more expensive facility.
You can configure a backup IPsec interface only in the CLI. The backup feature works only on interfaces with static addresses that have dead peer detection (DPD) enabled. Setting the monitor option on a phase 1 configuration makes it a backup VPN for the phase 1 configuration named in that option. Redundant tunnels do not support Tunnel Mode or Manual Keys. You must use Interface Mode.

In the following example, backup_vpn is a backup for main_vpn.
config vpn ipsec phase1-interface
 edit main_vpn
  set dpd on
  set interface port1
  set nattraversal enable
  set psksecret *****
  set remote-gw
  set type static
 next
 edit backup_vpn
  set dpd on
  set interface port2
  set monitor main_vpn
  set nattraversal enable
  set psksecret *****
  set remote-gw
  set type static
 next
end
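
The following Python sketch is an added example, not part of the original post or of any Fortinet tooling. It checks a saved phase1-interface block against the requirements stated above: every monitor target must be defined, and the tunnels of a backup pair must use type static with DPD enabled. The function names, the sample configuration and the treatment of absent options as defaults are assumptions made for illustration.

```python
import re

# Constructed sample (not from a real device) with three deliberate mistakes.
SAMPLE = """\
config vpn ipsec phase1-interface
 edit main_vpn
  set dpd on
  set type static
 next
 edit backup_vpn
  set dpd disable
  set monitor main_vpn
  set type static
 next
 edit orphan_vpn
  set monitor missing_vpn
  set type dynamic
 next
end
"""

def parse_phase1(text):
    """Return {phase 1 name: {option: value}} from a phase1-interface block."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r'edit\s+"?([^"\s]+)"?', line):
            current = entries.setdefault(m.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.fullmatch(r"set\s+(\S+)\s*(.*)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return entries

def check_backup_pairs(entries):
    """Return violations of the backup VPN requirements for each monitor pair."""
    problems = []
    pairs = [(n, o["monitor"]) for n, o in entries.items() if "monitor" in o]
    for name, target in pairs:
        if target not in entries:
            problems.append(f"{name}: monitor target {target} is not defined")
        # Assumption: absent options hold defaults (type static, DPD enabled),
        # and both tunnels of the pair must satisfy the requirements.
        for peer in (name, target):
            cfg = entries.get(peer, {})
            if cfg.get("type", "static") != "static":
                problems.append(f"{peer}: type must be static")
            if cfg.get("dpd") == "disable":
                problems.append(f"{peer}: dpd must be enabled")
    return problems
```

Calling check_backup_pairs(parse_phase1(SAMPLE)) reports the disabled DPD on backup_vpn, the undefined monitor target of orphan_vpn, and its dynamic type.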

