
4 replies

AEK
SuperUser
December 20, 2024

Hi Andrea

These two articles should help.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPsec-dial-up-full-tunnel-with-FortiClient/ta-p/189452

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-configure-IPsec-VPN-Tunnel-using-IKE-v2/ta-p/196140

SD-WAN will not change anything in the IPsec configuration. In the IPsec config you have to select the physical interface, not the SD-WAN interface. So if you need to use both WAN interfaces, then you will have to create two IPsec tunnels on your FG (one on each interface).

AEK
it-andreagx
Explorer
December 23, 2024

Hello AEK, 

Thank you for your reply, but really it doesn't seem that simple.
The classic configuration does not work with SDWAN.

Theo4
Explorer
December 22, 2024

Which article are you referring to? And what exactly do you mean by "connect SDWAN by FortiClient VPN"?

Dhruvin_patel
Staff
December 22, 2024

Greetings,

You can connect a FortiGate with FortiOS 7.4.6 using FortiClient VPN (IPsec) and integrate it with SD-WAN.

Create the dialup tunnel, then add the IPsec Interface to the SD-WAN.

Note: Please make sure that no policy with an IPsec tunnel is created; otherwise, adding an IPsec interface as a member in SD-WAN will not be allowed.

Regards!

If you have found a solution, please like and accept it to make it easily accessible for others.

it-andreagx
Explorer
December 23, 2024

Hello, 

The interface (WAN2) is part of the SDWAN zone.
So, we don't need any policies related to the tunnel associated with WAN2 and the SD-WAN zone?

Dhruvin_patel
Staff
December 24, 2024

I mean the policy associated with the IPsec tunnel's virtual interface.

There should not be any policy directly applied to the IPsec tunnel itself.

sw2090
SuperUser
December 23, 2024

At least in FOS 7.2 there is some bug with IPsec dial-up and SD-WAN. SD-WAN cannot correctly detect whether a dial-up is up or not, and in interface mode the interface itself is always up. This leads to SD-WAN not taking down unusable routes, which then causes routing trouble.

I don't know if that has been fixed in 7.4.