Fortinet black logo

Creating a redundant IPsec VPN

Creating a redundant IPsec VPN

To use VPN resiliency/redundancy, configure a list of FortiGate IP/FQDN servers, instead of just one:

<forticlient_configuration>

<vpn>

<ipsecvpn>

<options>

...

</options>

<connections>

<connection>

<name>psk_90_1</name>

<type>manual</type>

<ike_settings>

<prompt_certificate>0</prompt_certificate>

<server>10.10.90.1;ipsecdemo.fortinet.com;172.17.61.143</server>

<redundant_sort_method>1</redundant_sort_method>

...

</ike_settings>

</connection>

</connections>

</ipsecvpn>

</vpn>

</forticlient_configuration>

This is a balanced but incomplete XML configuration fragment. It includes all closing tags, but omits some important elements to complete the configuration.

redundant_sort_method = 1

This XML tag sets the IPsec VPN connection as ping-response-based. The VPN connects to the FortiGate that responds the fastest.

redundant_sort_method = 0

By default, redundant_sort_method =0, and the IPsec VPN connection is priority-based. Priority-based configuration attempts to connect to FortiGates by starting with the first FortiGate on the configured list.

Creating a redundant IPsec VPN

To use VPN resiliency/redundancy, configure a list of FortiGate IP/FQDN servers, instead of just one:

<forticlient_configuration>

<vpn>

<ipsecvpn>

<options>

...

</options>

<connections>

<connection>

<name>psk_90_1</name>

<type>manual</type>

<ike_settings>

<prompt_certificate>0</prompt_certificate>

<server>10.10.90.1;ipsecdemo.fortinet.com;172.17.61.143</server>

<redundant_sort_method>1</redundant_sort_method>

...

</ike_settings>

</connection>

</connections>

</ipsecvpn>

</vpn>

</forticlient_configuration>

This is a balanced but incomplete XML configuration fragment. It includes all closing tags, but omits some important elements to complete the configuration.

redundant_sort_method = 1

This XML tag sets the IPsec VPN connection as ping-response-based. The VPN connects to the FortiGate that responds the fastest.

redundant_sort_method = 0

By default, redundant_sort_method =0, and the IPsec VPN connection is priority-based. Priority-based configuration attempts to connect to FortiGates by starting with the first FortiGate on the configured list.