Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bamather
New Contributor

Created on ‎06-03-2020 02:45 PM

ADVPN with SDWAN and adding Second HUB

I am working on configuring ADVPN with 1 internet connection at the HUB, and 2 internet connections at most the branch Locations. (Some will only have 1 internet connections).  

 

I currently do not have any route maps so routing table looks messy but it works ok

 

First question:  Has anyone set this up already, and does my configuration setup look correct.  I know it is working, but very new to fortigate and BGP

 

Second question: I cannot wrap my head around how I would prefer hub 1 to be used to to build the shortcuts. Maybe it doesn't matter what hub is used and I am over thinking it. With Cisco DVMPN i would put a delay on the tunnel to the second hub, which would keep EIGRIP from using it because it was a worse route. Do I need to do this with BGP? Is there such and option?

 

Spoke Config - https://pastebin.com/tw65NXWX

Hub Config - https://pastebin.com/eggvdUty

Hub2 Config - https://pastebin.com/KwvihNqP

5032
0 Kudos
5 REPLIES 5
bamather
New Contributor

Created on ‎06-08-2020 07:54 AM

Anyone ever done this?

2859
0 Kudos
RVTim
New Contributor
In response to bamather

Created on ‎01-06-2021 10:46 AM

bamather, 

Did you ever get anywhere on this?  I've got something similar I'd like to do, and if you've done it, it would be great to get some insight.

I have this thread, with no replies, also:

https://forum.fortinet.com/tm.aspx?tree=true&m=192395&mpage=1

 

Not Logged in

chrome
2859
0 Kudos
bamather
New Contributor
In response to RVTim

Created on ‎01-06-2021 02:14 PM

I did not get this to work as I wanted.  I did get it to work with 2 hubs but it is not true SDWAN as I did a primary and backup VPN connection to the hubs.  In my case I have a fiber and a cable/DSL to all my branch locations so SDWAN always picked the Fiber anyways for the IPSec VPN connection.  

2860
0 Kudos
RVTim
New Contributor
In response to bamather

Created on ‎01-06-2021 02:20 PM

I would actually be fine with that.  My goal is to primarily have our corporate HQ be the primary hub, and then have it fall back to one other hub as a backup.  Having 2 backups is a little over the top as a definite requirement for us.  Did you have a specific guide that you used that I can refer to?  

 

Not Logged in

chrome
2860
0 Kudos
bamather
New Contributor
In response to RVTim

Created on ‎01-06-2021 02:27 PM

Below is the combination of stuff I used.  I also have some template that someone else sent me that really helped out.  

 

http://cookbook.fortinet....redundant-hubs-expert/]https://web.archive.org/web/20180623032835/http://cookbook.fortinet....redundant-hubs-expert/[/link]

 

https://kb.fortinet.com/k...amp;documentID=FD39360

2860
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.