MO_mead
Explorer
August 12, 2019
Question

SD WAN ipsec


Hi, I want to create SD-WAN for a branch office to HQ. I found only 2 guides (https://kb.fortinet.com/kb/documentLink.do?externalID=FD41297 and with BGP), but in my scenario I have 2 ISPs in the branch office and 2 ISPs in HQ. I would not touch the HQ interface configuration. Is it possible?

Thanks

Mirko


    orani
    New Member
    August 13, 2019
    SD-WAN is something different from VPN. Is your branch office connected directly to the internet or through HQ? You have to configure 4 IPsec VPNs:

    1. Branch 1 <--> HQ 1
    2. Branch 1 <--> HQ 2
    3. Branch 2 <--> HQ 1
    4. Branch 2 <--> HQ 2

    Then, if you want branch internet traffic to go through HQ, you have to configure an SD-WAN with those 4 VPNs and some health checks, as in the article you provided. If you want your branch internet traffic to go directly to the internet, add the two internet connections to the SD-WAN and force the traffic to go through those interfaces. In that scenario internet traffic will pass directly to the internet and all other traffic would go to branch (depending on the rules you create).

    MO_mead
    Author
    Explorer
    August 13, 2019

    Thanks Orani, good answer!

    In my case, branch internet traffic goes through HQ. The theory is clear, the execution not so much.

    I create the VPN, SD-WAN and policy only in the branch office, but in HQ (OK, site-to-site VPN) do I do nothing else?

    Thanks again


    orani
    New Member
    August 13, 2019
    At HQ you have to create the IPsec VPN and also the appropriate rules for the IPsec traffic.