Fortinet black logo

New Features

FGCP over FGSP per-tunnel failover for IPsec 7.0.8

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:74567
Download PDF

For additional redundancy, an FGCP cluster on one site may form FGSP peering with FGCP clusters on other sites. The FGCP over FGSP peers can still synchronize IPsec SAs and act as the primary gateway for individual tunnels for the same dialup servers. When failover happens within an FGCP cluster, tunnel traffic will failover to the other FGCP cluster member. When an FGCP cluster fails, tunnel traffic will failover to the other FGSP peer.

For more information about this feature, see FGCP over FGSP per-tunnel failover for IPsec.

Note

This topic uses config system standalone-cluster to configure the FGSP peers. In FortiOS 7.0, the peers are configured using config system standalone-cluster and config system cluster-sync.

For additional redundancy, an FGCP cluster on one site may form FGSP peering with FGCP clusters on other sites. The FGCP over FGSP peers can still synchronize IPsec SAs and act as the primary gateway for individual tunnels for the same dialup servers. When failover happens within an FGCP cluster, tunnel traffic will failover to the other FGCP cluster member. When an FGCP cluster fails, tunnel traffic will failover to the other FGSP peer.

For more information about this feature, see FGCP over FGSP per-tunnel failover for IPsec.

Note

This topic uses config system standalone-cluster to configure the FGSP peers. In FortiOS 7.0, the peers are configured using config system standalone-cluster and config system cluster-sync.