Quandit
Explorer
June 7, 2022
Question

SD WAN with 2 link, and one link with no SD WAN

  • June 7, 2022
  • 4 replies
  • 6167 views

Hello all,

I have a question about SD-WAN and "no SD-WAN" at the same time.

I'm learning networking, and right now I'm training on SD-WAN configuration on a FortiGate 200F. My problem may not be a problem for somebody with more experience :)

I have three links.

Two of them I configured with SD-WAN. This first SD-WAN works very well; I have an internet connection from my VLANs.

Now I've connected a third link, and I want to configure a DMZ there (for some FTP stuff), so I tried to configure the port as in the documentation: 1. cfg port, 2. create static routing, etc.

But I get the message "You cannot have duplicated routes on SD-WAN and non SD-WAN interfaces."

So now I don't know what to do.

I want a separate link; it should not work with the others I already have.

So how do I start this process? For now I have created a second SD-WAN zone and I use this link as a member, but is this the correct way?


4 replies

Contributor
June 7, 2022

Hi @Quandit,

You can create more than one SDWAN zone, but remember, a member of one SDWAN zone cannot be a member of another SDWAN zone. You can even have only one member in an SDWAN zone. After creating the SDWAN zones, you can create SDWAN rules to route your traffic.

Regards,

Quandit (Author)
Explorer
June 7, 2022

Hi malam,

Right now I'm probably doing it like you wrote. I sent a picture.

SDWAN.PNG

Contributor
June 8, 2022

Hi @Quandit,

Your SDWAN zones are correctly configured, and now you can configure your SDWAN rules to route traffic as per your requirement:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Working-of-SD-WAN-rule-with-outgoing-interface/ta-p/192239

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/380145/configuring-sd-wan-rules

Regards,

ntaneja
Staff & Editor
June 7, 2022

Hi Quandit,

Thank you for your question. You have a couple of options.

- If you are running a more recent version of FOS, you can divide these interfaces into 2 different SDWAN zones and use these zones when you are addressing them in routes or firewall policies.

- In the static route, do not use the SDWAN interface, but a specific interface. Then you will be able to create a default route via any interface you want, even the ones that are not part of the SDWAN configuration.

Doc for additional info: https://docs.fortinet.com/document/fortigate/6.2.3/technical-tip-multiple-default-routes-where-sdwan-rules-are-not-preferred/20/fd47747

Thanks
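The two-zone layout discussed in the replies above, as an added FortiOS CLI sketch that is not part of the original thread or anyone's actual configuration. The interface names, zone name, address object and gateway addresses are assumptions, and the routes for the zones are not shown.

```fortios
# Added example, not from the thread. Assumed names: wan1/wan2/port3, zone
# "DMZ-WAN", interface "dmz", address object "DMZ-FTP-net"; gateways are
# documentation-range placeholders.
config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
        edit "DMZ-WAN"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set gateway 198.51.100.1
        next
        edit 2
            set interface "wan2"
            set gateway 203.0.113.1
        next
        edit 3
            set interface "port3"
            set zone "DMZ-WAN"
            set gateway 192.0.2.1
        next
    end
    config service
        edit 1
            set name "dmz-via-third-link"
            set src "DMZ-FTP-net"
            set dst "all"
            set priority-members 3
        next
    end
end
config firewall policy
    edit 0
        set name "dmz-ftp-out"
        set srcintf "dmz"
        set dstintf "DMZ-WAN"
        set srcaddr "DMZ-FTP-net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "FTP"
        set nat enable
    next
end
```

Members 1 and 2 stay in the default zone because no zone is set on them, while the DMZ policy names only the "DMZ-WAN" zone as its destination, so the separation between the links is enforced in policy as well as in the SD-WAN rule.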

Quandit (Author)
Explorer
June 24, 2022

I forgot to give an answer: the way I started, which @Anonymous confirmed, was a good way )

Thanks!