Which is the best monitoring option for redundant IPSec Tunnel?


Hello.

I'm trying to configure dual ISP and automatic IPSec tunnel failover.

The network diagram looks like the picture here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK).

And the IPSec peer devices are Fortigate.

Unlike the above article, I didn't make two virtual routers, and I use the static route monitoring feature on the primary route.

I'm thinking of using tunnel monitoring instead of the static route monitor (because of a rekey issue).

Is it possible to use tunnel monitoring with a Fortigate device?

And can I just configure tunnel monitoring without making an additional virtual router?


Re: Which is the best monitoring option for redundant IPSec Tunnel?

@yhlee1,

Yes, you can enable tunnel monitoring even if the peer device isn't PAN and you don't need to create any additional VRs to get the feature to work properly. 
