sw2090
SuperUser
July 10, 2019
Solved

Prioritize VPN traffic?

  • July 10, 2019
  • 1 reply
  • 4352 views

We run a Loadbalancer (SD-WAN) on our FGT that balances internet traffic. 

We also have several IPSec Tunnels. Those have to be connected to a specific wan interface and cannot use SD-WAN.

I set the Loadbalancer volume based and it is set to not use all available bandwidth.

Thus big downloads affect the performance on ipsec. 

Since I cannot use SD-WAN rules here - is there a way to prioritize IPsec traffic before internet traffic?


    hubertzw
    New Member
    July 10, 2019

    What software version do you use? Every version has many new features: 5.6 vs 6.0 vs 6.2.0 vs 6.2.1.

    How many WAN links do you have? If more than one I'd try to separate VPN traffic from the Internet, I think you could use PBR.

    Is there any reason you can't add WAN dedicated for VPN to the SD-WAN? By creating rules you can totally separate traffic between two or more groups of interfaces.

     

    sw2090 (Author)
    SuperUser
    July 10, 2019

    We still have 5.4. 

    We have two WAN Lines and both are in SD-WAN.

    IPSec doesn't use SD-WAN because it needs a unique termination.

    So how could any SD-WAN rules affect VPN Traffic that goes either directly to the wan line or the vpn interface?

    hubertzw (Answer)
    New Member
    July 10, 2019

    Let's assume you have WAN1 and WAN2. You have some IPsec tunnels on WAN2. 

    In SD-WAN definition I'd try to set the load balancing method 'sessions' to send 2x more traffic over WAN1 than via WAN2.

    Is this what you are looking for?