Chapter 11 IPsec VPN for FortiOS 5.0 : Redundant VPN configurations : Configuration overview : General configuration steps
  
General configuration steps
A redundant configuration at each VPN peer includes:
one phase 1 configuration (virtual IPsec interface) for each path between the two peers. In a fully-meshed redundant configuration, each network interface on one peer can communicate with each network interface on the remote peer. If both peers have two public interfaces, this means that each peer has four paths, for example.
one phase 2 definition for each phase 1 configuration
one static route for each IPsec interface, with different distance values to prioritize the routes
two Accept security policies per IPsec interface, one for each direction of traffic
dead peer detection enabled in each phase 1 definition
The procedures in this section assume that two separate interfaces to the Internet are available on each VPN peer.