bfakhriddi
New Member
September 17, 2021
Question

SDWAN and question


Hi,

I was watching a couple of videos about SD-WAN and how to set it up; all the videos show sending all traffic via SD-WAN. But is it possible to send some traffic via SD-WAN and other traffic via regular WAN interfaces and via IPsec as well? Can anyone share a link or steps on how to do this?

    4 replies

    JWOrange
    New Member
    September 18, 2021

    I also have the same question and an additional enquiry:

    1. Can the same SD-WAN interface support SD-WAN and also an IPsec tunnel to other non-SD-WAN locations?

    2. Can the same SD-WAN interface support inbound internet traffic to a DMZ?

    TQ

    sw2090
    SuperUser
    September 21, 2021

    1. Yes, as we have that running here.

    2. Don't know, as we don't use that.

    To the thread starter:

    The problem is not the traffic - the problem is the routing.

    If you run IPsec, the routing over IPsec uses the tunnel interface.

    But if you want to route internet traffic besides SD-WAN, that would require an additional default route.

    Unfortunately SD-WAN is a stupid monarch and doesn't allow this at all. Also, you won't be able to use interfaces in policies that are members of SD-WAN...


    bfakhriddi
    New Member
    September 21, 2021

    "Unfortunately sd-wan is a stupid monarch and doesn't allow this at all. Also you won't be able to use Interfaces in policies that are members of sd-wan..." Do you mean that even if I create a second default route through the regular WAN to send some traffic, FortiGate will send the traffic via SD-WAN anyway?

    rodriguin
    New Member
    October 4, 2021

    Yes!! You can add IPsec interfaces as SD-WAN interfaces and create SD-WAN rules to do that. Or just (but more complicated to manage) add static routes to destinations for other WANs and IPsec to reach the internet.

    ekrishnan
    Staff
    November 9, 2023

    Hi @bfakhriddi,

    Consider using policy routes.

    Policy routes take precedence over SD-WAN rules; in that way you can configure a policy route to route traffic for certain destinations to the interfaces you prefer. Please try it.

    Presleydiana
    New Member
    November 13, 2023

    I am currently running FortiGate with firmware version 6.4.3 and FortiClient version 7.2.2. The challenge arises when attempting to establish SSL VPN connections on macOS devices. While the connection initiation seems smooth, users are reporting intermittent disconnections, and in some cases the VPN drops altogether with an error message stating "SSLVPN connection terminated (Error -12)".