IPSec VPN Backup

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Implement-IPsec-Backup-Tunnel/ta-p/245084community.fortinet.com

FGT1 # show  router static

config router static
    edit 2
        set device "ike2"    --> default distance is 10 
        set comment "VPN: ike2 (Created by VPN wizard)"
        set dstaddr "ike2_remote"
    next
    edit 3
        set distance 254
        set comment "VPN: ike2 (Created by VPN wizard)"
        set blackhole enable
        set dstaddr "ike2_remote"
    next
    edit 8
        set distance 15   --> higher distance for backup tunnel  
        set device "ike2_backup1"
        set comment "VPN: ike2_backup1 (Created by VPN wizard)"
        set dstaddr "ike2_backup1_remote"
    next
    edit 9
        set distance 254
        set comment "VPN: ike2_backup1 (Created by VPN wizard)"
        set blackhole enable
        set dstaddr "ike2_backup1_remote"
    next
end

기본 터널이 다운될 때마다 백업 터널이 활성 경로가 될 수 있도록 백업 터널에 더 높은 Distance를 설정

Blackhole route

Use of Black hole route in site to site IPsec VPN scenarioscommunity.fortinet.com

PreviousFortigate HA NextSystem

Last updated 1 year ago

hashtagBlackhole route

Blackhole route