Fortinet black logo

New Features

Home FortiGate / FortiOS 7.0.0 New Features

FGSP per-tunnel failover for IPsec 7.0.8

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:892338
Download PDF

FGSP per-tunnel failover for IPsec 7.0.8

During FGSP per-tunnel failover for IPsec, the same IPsec dialup server configured on each FGSP member may establish tunnels with dialup clients as the primary gateway. The IPsec SAs are synchronized to all other FGSP peers that have FGSP synchronization for IPsec enabled. Other FGSP members may establish a tunnel with other clients on the same dialup server and synchronize their SAs to other peers.

Upon the failure of the FGSP member that is the primary gateway for a tunnel, the upstream router will fail over the tunnel traffic to another FGSP member. The other FGSP member will move from standby to the primary gateway for that tunnel and continue to forward traffic.

For more information about this feature, see FGSP per-tunnel failover for IPsec.

Note

This topic uses config system standalone-cluster to configure the FGSP peers. In FortiOS 7.0, the peers are configured using config system standalone-cluster and config system cluster-sync.
Previous
Next

FGSP per-tunnel failover for IPsec 7.0.8

During FGSP per-tunnel failover for IPsec, the same IPsec dialup server configured on each FGSP member may establish tunnels with dialup clients as the primary gateway. The IPsec SAs are synchronized to all other FGSP peers that have FGSP synchronization for IPsec enabled. Other FGSP members may establish a tunnel with other clients on the same dialup server and synchronize their SAs to other peers.

Upon the failure of the FGSP member that is the primary gateway for a tunnel, the upstream router will fail over the tunnel traffic to another FGSP member. The other FGSP member will move from standby to the primary gateway for that tunnel and continue to forward traffic.

For more information about this feature, see FGSP per-tunnel failover for IPsec.

Note

This topic uses config system standalone-cluster to configure the FGSP peers. In FortiOS 7.0, the peers are configured using config system standalone-cluster and config system cluster-sync.
Previous
Next