This article describes how to configure a redundant VPN connection between two FortiGate firewalls with two internet connections on one side. For BGP to work you need some peering between both firewalls. A standard FortiGate VPN tunnel interface does not have an IP address. As such, there is no way to peer between the firewalls.

The process of creating a redundant VPN connection is the same as a standard FortiGate to FortiGate tunnel. You first have to configure two independent VPN tunnels over the two internet connections. If this is all set up you have to assign tunnel addresses to the VPN interfaces. First you have to check if both tunnels work as expected. When this is the case you can assign tunnel addresses to the unnumbered interfaces. As you can see in the following picture, I used 2 /30 networks.

The primary VPN tunnel interface on the left firewall is configured with the following settings: This has to be the tunnel interface of the firewall on the opposite side. You can configure this with a /32 subnet mask. Configure the other 3 interfaces like this one.

You can now proceed with configuring BGP. Fill in the Local BGP Options as shown in the following picture for the left firewall: Create the Neighbors, for the left firewall 10.10.20.2 and 10.10.20.6. Add the local networks which you want to distribute by BGP. In this case 10.128.72.0/24. Configure the other firewall with the opposite settings. When this is done you have to do some configuration via the CLI.

Configuring BGP filters for inbound and outbound routes (cli)

First you have to make some BGP filters for incoming and outgoing routes. This has to be done with route-maps and prefix-lists. First create the prefix list for the local network (left firewall). Then create the route-maps and assign the prefix-lists: config router route-map

Configure the BGP neighbors via the CLI and add the prefix lists to them. The neighbor with the highest weight has priority above the one with the lower weight. In this case the neighbor with id 10.10.20.2 will take precedence. This finishes the configuration on the left side firewall. You can configure the firewall on the right the same way with opposite settings.
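The CLI steps the article describes for the left firewall (prefix lists, route-maps, then per-neighbor filters and weights), as an added FortiOS sketch that is not the author's original configuration. The object names, the weight values and the remote network 192.0.2.0/24 are assumed placeholders; the neighbors are the ones already created in the GUI.

```fortios
# Added example. Names, weights and 192.0.2.0/24 (remote LAN) are placeholders.
config router prefix-list
    edit "pl-local-lan"
        config rule
            edit 1
                set prefix 10.128.72.0 255.255.255.0
            next
        end
    next
    edit "pl-remote-lan"
        config rule
            edit 1
                set prefix 192.0.2.0 255.255.255.0
            next
        end
    next
end
config router route-map
    edit "rm-bgp-out"
        config rule
            edit 1
                set match-ip-address "pl-local-lan"
            next
        end
    next
    edit "rm-bgp-in"
        config rule
            edit 1
                set match-ip-address "pl-remote-lan"
            next
        end
    next
end
config router bgp
    config neighbor
        edit "10.10.20.2"
            set route-map-in "rm-bgp-in"
            set route-map-out "rm-bgp-out"
            set weight 200
        next
        edit "10.10.20.6"
            set route-map-in "rm-bgp-in"
            set route-map-out "rm-bgp-out"
            set weight 100
        next
    end
end
```

Because each route-map ends in an implicit deny, the left firewall advertises only 10.128.72.0/24 and accepts only the listed remote prefix from either tunnel peer, so a misconfigured or compromised peer cannot inject other routes.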