On one side I have an FG with two ISPs, let's say ISPFGA and ISPFGB, and on the other side I have VyOS with two ISPs → ISPVYA and ISPVYB.
Now I wanted to configure the failover VPN so that hosts behind the FG can communicate with hosts behind VyOS. In this case, is it advisable to configure 2 tunnels or 4 tunnels?
Like
Scenario 1:
ISPFGA => ISPVYA
ISPFGB => ISPVYB
I have configured 4 WireGuard tunnels between my two routers on each side and use OSPF for dynamic routing. I haven’t dealt with BGP yet so I can’t tell what’s better but OSPF is doing its job quite well.
How many such devices or sites do you have? I guess managing a small number of sites or locations with this setup will be OK, but as the devices or sites grow, it seems it will be difficult to manage?
I have only two sites with each one having two VPN routers. I guess if you have a couple of sites maybe a hub and spoke topology could be an option instead of a full mesh.
Haven’t dealt with DMVPN yet. Since I only have two sites I can’t make a good recommendation for a HA topology when you have a couple of sites. I was mentioning a hub-and-spoke topology as this is also a common setup when you e.g. have a couple of branch offices connected to the head office.
Maybe someone from the community can recommend a good setup based on their practical experience.