Which is the best monitoring option for redundant IPSec Tunnel?


L2 Linker



I'm trying to configure dual ISP and automatic IPSec tunnel failover.

The network diagram looks like the picture here (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK).

And the IPSec peer devices are Fortigate.


Unlike the above article, I didn't make two virtual routers, and I use the static route monitoring feature on the primary route.


I'm thinking of using tunnel monitoring instead of static route monitor (because of a rekey issue).

Is it possible to use tunnel monitoring with a Fortigate device?

And can I just configure tunnel monitoring without making an additional virtual router?


Cyber Elite


Yes, you can enable tunnel monitoring even if the peer device isn't PAN and you don't need to create any additional VRs to get the feature to work properly. 
