SD WAN ipsec | Fortinet Technical Discussion Forums

Join us now!

Username
Password
Verification
	Stay logged in

Forgot Your Password? Forgot your Username? Haven't received registration validation E-mail?

User Control Panel Log out

Forums
Posts

Latest Posts

Active Posts

Recently Visited

Search Results

View More
Blog

Recent Blog Posts

View More
Photos

Recent Photos

My Favorites

View More Photo Galleries
PMs

Unread PMs

Inbox

Send New PM View More
Page Extras
Menu
- Forum Themes
- Member List
- Online User List
- User Groups

Videos, Docs Library, KB

Mark Thread UnreadFlat Reading Mode ❐

SD WAN ipsec

Author Post Essentials Only Full Version
MO_mead New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2019/08/12 13:44:25 Status: offline 2019/08/12 14:12:06 (permalink) 0 SD WAN ipsec hi, I want to create sd-wan for branc office to HQ. I find only 2 guides (https://kb.fortinet.com/kb/documentLink.do?externalID=FD41297 and with BGP) but in my scenario I had 2 isp in brance office and 2 isp in HQ. I would not touch HQ inteface configuration..it's possible? Thanks Mirko #1 5 Replies Related Threads
orani Bronze Member Total Posts : 59 Scores: 1 Reward points: 0 Joined: 2019/07/11 12:54:18 Location: Athens Status: offline Re: SD WAN ipsec 2019/08/12 20:55:06 (permalink) 0 SD-WAN is something different from vpn. Your branch office is connected directly to internet or through HQ? You have to configure 4 ipsec vpns. 1. Branch 1 <--> hq 1 2. Branch 1 <--> hq 2 3. Branch 2 <--> hq 1 4. Branch 2 <--> hq 2 Then if you want branch internet traffic go throwgh HQ, you have to configure an sd-wan with those 4 vpns and some health checks as the article you provided. If you want your branch internet traffic go directly to the internet add to the sd-wan the to internet connections and force the traffic to go through those interfaces. In that scenario internet traffic will pass directly to internet and all other traffic would go to branch (depending the rules you will create). #2
MO_mead New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2019/08/12 13:44:25 Status: offline Re: SD WAN ipsec 2019/08/13 00:47:23 (permalink) 0 Thanks Orani good answerd! In my case, branch internet traffic go throwgh HQ. The theory is clear the extecution not so such. I create vpn, sd-wan and policy only in branch office but in HQ (ok vpn site-site) Do I make nothing else? Thanks again #3
orani Bronze Member Total Posts : 59 Scores: 1 Reward points: 0 Joined: 2019/07/11 12:54:18 Location: Athens Status: offline Re: SD WAN ipsec 2019/08/13 06:27:04 (permalink) 0 At hq you have to create the ipsec vpn and also the approptiate rules for the ipsec traffic #4
orani Bronze Member Total Posts : 59 Scores: 1 Reward points: 0 Joined: 2019/07/11 12:54:18 Location: Athens Status: offline Re: SD WAN ipsec 2019/08/13 06:28:51 (permalink) 0 After completing this, check also via ping if your traffic is ok from branch to hq, from branch to internet and from hg to branch #5
MO_mead New Member Total Posts : 3 Scores: 0 Reward points: 0 Joined: 2019/08/12 13:44:25 Status: offline Re: SD WAN ipsec 2019/08/14 03:19:04 (permalink) 0 Hi Orani, thanks again for your time and suggestions. In reality I had some problem to configure vpn in branch office, in particolary for understand to set ip of vpn tunnel, but now i try again, but you have other suggestions or (fortigate) guide I will be very happy to follow them. Thanks. #6

Jump to:

© 2019 APG vNext Commercial Version 5.5