10-04-2024 01:03 AM - edited 10-04-2024 01:20 AM
hi,
i'm running IPSec VPN betwen HQ and a branch.
i need to add the BGP HA graceful restart in the branch dual internet edge router.
there's an iBGP between the branch's dual internet edge router and fortigate HA FW (which runs IPSec).
my question, is it "safe" to add "ha-mode graceful restart" between internet edge and FW. this is for fast failover/BGP convergence if primary fortigate or its BGP went down.
doing this remotely so i'm trying to avoid being cutoff or worst be lockout.
HQ --- INTERNET/IPSEC VPN --- BRANCH IGW1/2 --- iBGP --- FG HA
IGW1/2
router bgp 65000 <<< iBGP WITH FORTIGATE
neighbor 1.2.3.4 ha-mode graceful-restart
Solved! Go to Solution.
10-05-2024 12:17 AM - edited 10-07-2024 06:25 AM
MHM
10-07-2024 06:23 AM
hi,
there's no point giving me cisco ASA link if i'm not using it.
10-07-2024 06:25 AM
Sure let other help you
Goodluck
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide