Hot!SD WAN ipsec

Author
MO_mead
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/08/12 13:44:25
  • Status: offline
2019/08/12 14:12:06 (permalink)
0

SD WAN ipsec

hi, I want to create sd-wan for branc office to HQ. I find only 2 guides (https://kb.fortinet.com/kb/documentLink.do?externalID=FD41297 and with BGP) but in my scenario I had 2 isp in brance office and 2 isp in HQ. I would not touch HQ inteface configuration..it's possible?
 
Thanks
Mirko
#1

5 Replies Related Threads

    orani
    Silver Member
    • Total Posts : 101
    • Scores: 1
    • Reward points: 0
    • Joined: 2019/07/11 12:54:18
    • Location: Athens
    • Status: offline
    Re: SD WAN ipsec 2019/08/12 20:55:06 (permalink)
    0
    SD-WAN is something different from vpn. Your branch office is connected directly to internet or through HQ? You have to configure 4 ipsec vpns.

    1. Branch 1 <--> hq 1
    2. Branch 1 <--> hq 2
    3. Branch 2 <--> hq 1
    4. Branch 2 <--> hq 2

    Then if you want branch internet traffic go throwgh HQ, you have to configure an sd-wan with those 4 vpns and some health checks as the article you provided.

    If you want your branch internet traffic go directly to the internet add to the sd-wan the to internet connections and force the traffic to go through those interfaces. In that scenario internet traffic will pass directly to internet and all other traffic would go to branch (depending the rules you will create).
    #2
    MO_mead
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/12 13:44:25
    • Status: offline
    Re: SD WAN ipsec 2019/08/13 00:47:23 (permalink)
    0
    Thanks Orani good answerd!
     
    In my case, branch internet traffic go throwgh HQ. The theory is clear the extecution not so such.
    I create vpn, sd-wan and policy only in branch office but in HQ (ok vpn site-site) Do I make nothing else?
     
    Thanks again
     
    #3
    orani
    Silver Member
    • Total Posts : 101
    • Scores: 1
    • Reward points: 0
    • Joined: 2019/07/11 12:54:18
    • Location: Athens
    • Status: offline
    Re: SD WAN ipsec 2019/08/13 06:27:04 (permalink)
    0
    At hq you have to create the ipsec vpn and also the approptiate rules for the ipsec traffic
    #4
    orani
    Silver Member
    • Total Posts : 101
    • Scores: 1
    • Reward points: 0
    • Joined: 2019/07/11 12:54:18
    • Location: Athens
    • Status: offline
    Re: SD WAN ipsec 2019/08/13 06:28:51 (permalink)
    0
    After completing this, check also via ping if your traffic is ok from branch to hq, from branch to internet and from hg to branch
    #5
    MO_mead
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/08/12 13:44:25
    • Status: offline
    Re: SD WAN ipsec 2019/08/14 03:19:04 (permalink)
    0
    Hi Orani, thanks again for your time and suggestions. In reality I had some problem to configure vpn in branch office, in particolary for understand to set ip of vpn tunnel, but now i try again, but you have other suggestions or (fortigate) guide I will be very happy to follow them.
    Thanks.
    #6
    Jump to:
    © 2019 APG vNext Commercial Version 5.5