FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
FortiGate IPSec VPN User Guide - FirewallShop.com
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Creating a backup <strong>IPSec</strong> interface<br />
Redundant <strong>VPN</strong> configurations<br />
3 Select Create New, enter the following information, and select OK:<br />
Source Interface/Zone<br />
Source Address Name<br />
Destination Interface/Zone<br />
Destination Address Name<br />
Schedule<br />
Service<br />
Action<br />
Internal<br />
All<br />
Site_2_B<br />
All<br />
Always<br />
Any<br />
ACCEPT<br />
Creating a backup <strong>IPSec</strong> interface<br />
Starting in FortiOS 3.0 MR4, you can configure a route-based <strong>VPN</strong> that acts as a<br />
backup facility to another <strong>VPN</strong>. It is used only while your main <strong>VPN</strong> is out of<br />
service. This is desirable when the redundant <strong>VPN</strong> uses a more expensive facility.<br />
In FortiOS releases prior to 3.0 MR4, a backup <strong>VPN</strong> configuration is possible only<br />
if the backup connection is a modem in a Redundant mode configuration.<br />
You can configure a backup <strong>IPSec</strong> interface only in the CLI. The backup feature<br />
works only on interfaces with static addresses that have dead peer detection<br />
enabled. The monitor-phase1 option creates a backup <strong>VPN</strong> for the specified<br />
phase 1 configuration.<br />
In the following example, backup_vpn is a backup for main_vpn.<br />
config vpn ipsec phase1-interface<br />
edit main_vpn<br />
set dpd on<br />
set interface port1<br />
set nattraversal enable<br />
set psksecret "hard-to-guess"<br />
set remote-gw 10.10.10.8<br />
set type static<br />
end<br />
edit backup_vpn<br />
set dpd on<br />
set interface port2<br />
set monitor-phase1 main_vpn<br />
set nattraversal enable<br />
set psksecret "hard-to-guess"<br />
set remote-gw 10.10.10.8<br />
set type static<br />
end<br />
<strong>FortiGate</strong> <strong>IPSec</strong> <strong>VPN</strong> Version 3.0 <strong>User</strong> <strong>Guide</strong><br />
104 01-30005-0065-20070716