VPN site to Site

Handian Sudianto 5,706 Reputation points
2025-01-30T09:18:39.21+00:00

I have a topology like the picture below, where:

  • We have 3 sites
  • Each site has 2 firewalls (using Fortinet) in HA mode
  • Each site has 2 different internet lines and one WAN connection (MPLS)
  • Every site can communicate using the WAN connection

Need a recommendation on which Azure VPN topology is suitable to achieve the requirements below:

  • Each site can access Azure via two different internet lines, or, if this is impossible, we can set ISP1 at every site as the primary connection to Azure and make ISP2 the secondary. If ISP1, the main connection, is down, ISP2 will take over.
  • If both internet connections at a site are down, for example at site 1, site 1 will use the WAN connection to site 2 to reach Azure.

Can someone here share their experience configuring multiple branches to Azure?

User's image

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

1 answer

  1. Andreas Baumgarten 117.5K Reputation points MVP
    2025-01-30T10:28:35.5266667+00:00

    Hi @Handian Sudianto ,

    here you can find some generic information about Azure VPN Gateway topologies for high availability:

    Design highly available gateway connectivity for cross-premises and VNet-to-VNet connections

    Regarding the second requirement: It should be possible using different network traffic routing if an ISP went down.


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

