Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


TZ500 Redundancy Tunnel


We have a TZ500 in our office and created a VPN tunnel with our branch through 3rd party partner, and our branch is using the Fortinet firewall for the VPN establishment.

The partner would like to know how to establish a redundancy tunnel on TZ500. Have anyone the experience with the redundancy tunnel on TZ500?

The firmware version is

Category: Firewall Security Services

Best Answer


  • Options
    AjishlalAjishlal Community Legend ✭✭✭✭✭

    Hi @MarkCheng

    Fortigate and Sonicwall are setup with interface based tunnels. On the Sonicwall you don't specify the subnets in the tunnel policy using this method, instead you create static routes or use OSPF to control the routing.

    You create a tunnel for the primary connection and a backup connection. So if the Sonicwall has one ISP, and the Fortigate has two ISP's you have two tunnels on the Sonicwall, each negotiating to different ISP's on the Fortigate.

  • Options
    MarkChengMarkCheng Newbie ✭

    @shiprasahu93 Thank you for your references. I will take time to try the configuration.

    @Ajishlal Thank you for your suggestions. Yes, the SonicWall has one ISP only, and the Fortigate has two ISP's. I tried to put two of Fortigate's IPs as the primary and secondary gateway. Still, I observed it couldn't switch the gateway from the primary to secondary automatically when I turn off the primary IP. So even I short the primary gateway detection interval. Any suggestions?

  • Options
    ArkwrightArkwright All-Knowing Sage ✭✭✭✭

    Try with just the non-working Fortigate IP address in the Primary gateway first, observe the logs. If you cannot get it working by itself, it's never going to be able to fail over to it.

Sign In or Register to comment.