snort12
New Contributor

IPSec VPN using SDWAN vs IPSec aggregate

Hi guys, I need to connect the HQ and branch sites using IPSec VPN. Both sites have 2 ISPs. My first option is using the SDWAN feature and the second option is IPsec aggregate. I would like to know your thoughts on which one is better for high availability and load balancing.

3 REPLIES
Toshi_Esumi
Esteemed Contributor III

That depends. If you want/need to closely monitor usage on each circuit/VPN and adjust what traffic needs to go which path, you have to use SD-WAN. But if you don't care how much each circuit is used and just want to trust & forget once it's set up, I would go with the aggregate.

emnoc
Esteemed Contributor III

1> I look at it this way: if you want redundant VPN, just do legacy VPN and adjust the route metric for the preferred ipsec-link.

2> If you want to load both and share traffic across both, SDWAN is the 1st & best way.

In fact I would use it for the 1st item above if you want to write rules to use SDWAN member 1 over member 2 and only use 2 if member 1 is down. SDWAN is very flexible in FortiOS. You can do so much with it, it's just amazing.

Ken Felix

PCNSE NSE StrongSwan
SMGK74
New Contributor II

I think the main way nowadays is the SDWAN; it gives you more flexible configuration and majority power on the monitor.

Sergio Marchi