sha-1_FTNT
Staff

Description

Fortinet Auto Discovery VPN (ADVPN) allows direct tunnels (called shortcuts) to be established dynamically between the spokes of a traditional Hub and Spoke architecture.

After a shortcut tunnel is established between two spokes and routing has converged, spoke-to-spoke traffic no longer needs to flow through the Hub. Direct connectivity is provided.

Fortinet ADVPN was introduced in FortiOS 5.4.
 

Solution
The PDF file available in the Attachments section contains:

Table of Contents

IPsec VPN Topology
    Hub and Spoke
    Partial Mesh
    Full Mesh
    Auto-Discovery VPN

ADVPN shortcut negotiation
    Summary - ADVPN sequence of events

Fortinet Auto-Discovery VPN
    IPsec and Dynamic routing
    A single ADVPN Domain
    NAT with ADVPN
    Lifetime of ADVPN shortcuts

Reference Architecture - Dual Region
    Dual Region Underlay
    Dual Region Overlay
    Dual Region BGP ASN
    France Underlay
    France Overlay

Overlay IPs

IPsec configuration
    Hub
    Spoke

ADVPN with BGP
    Explanation
    Hub configuration
    Spoke configuration

ADVPN with OSPF
    OSPF configuration
    Hub configuration
    Spoke configuration

Dual Region (BGP)
    Overlay
    IPsec configuration
    BGP configuration
    BGP Next-Hop reachability

ADVPN troubleshooting
    IPsec
    BGP
    OSPF

ADVPN Dual Region (BGP) - Lab configuration

 
 
Additional ADVPN articles available in the Fortinet Cookbook:

Related Articles

Technical Note: How to mix ADVPN-aware and non-ADVPN-aware spokes within the same ADVPN Hub-and-Spok...

Technical Tip: 'set net-device' new route-based IPsec logic
