I'm wondering if I could get some advice on how I could set up a redundant VPN between FGT and Azure.
I have two completely separate active-active DCs, with FGT HA clusters in each, and would like one Azure VPN active to say DC1, and if that connection goes down, auto failover to DC2.
I assume this is possible, but in terms of the failover mechanism, I'm not sure where the failover configuration is deployed primarily - AZ or FGT?
I know when building Azure VPNs, it automatically creates a second tunnel. I'm wondering if that is what I should use for the standby tunnel, and have Azure fail over when it identifies a drop in connection? Or is that second VPN endpoint only a backup for the same endpoint?
Also, I was thinking, because this is an active-active DC environment, would a more prudent option be to have two separate / active VPNs into their Azure environment?
I'm not completely sure if we might have routing issues when the backup VPN automatically comes online through DC2, or how that might look from the customer side of things.
Note, there's no connection between the DC1 and DC2 FGT HA clusters. And I don't have the ability to use BGP to fail over, at this point at least.
Any thoughts very welcome!