This article describes how to configure Secure Private Access (SPA) on FortiSASE.
To set up the SD-WAN connector on FortiSASE, start by configuring the FortiGate (FGT) in Data Center DC1 as the IPsec server (HUB-1) with BGP enabled. Subsequently, configure the FortiSASE as the dial-up client (SPOKE) to initiate the establishment of the IPsec tunnel between FortiSASE and FGT-DC1.
IPsec, BGP, and the security policy have already been configured on the hub FGT.
A few important points on the HUB configuration:
FortiSASE SD-WAN connector Configuration:
Access the FortiSASE console and go to the Network -> Secure Private Access section to set up the connection to the on-prem FortiGate (FGT) devices acting as SD-WAN hubs. Begin by selecting the 'Network Configuration' tab to define the common parameters, as illustrated below:
BGP Router ID Subnet: Use an available/unused subnet to assign IP addresses designated for BGP Router IDs on the FortiSASE security Points of Presence (PoPs). Ensure that the subnet size is a minimum of /28.
If there are multiple hubs, the health check IP remains the same for all of them.
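A pre-check for the BGP Router ID Subnet value described above, as an added example that is not part of the original article. It reads "minimum of /28" as a prefix length of 28 or shorter (an assumption), and the in-use prefixes and candidate subnets are constructed sample values to replace with the prefixes from your own hubs and sites.

```python
import ipaddress

# Assumption: "minimum of /28" means /28 or larger (at least 16 addresses).
MAX_PREFIXLEN = 28

# Constructed sample data: prefixes already routed in the environment.
IN_USE = {
    "DC1 LAN": "10.1.0.0/16",
    "hub overlay": "10.255.1.0/24",
    "remote users": "100.65.0.0/16",
}


def check_router_id_subnet(candidate, in_use):
    """Return a list of problems; an empty list means the candidate passes."""
    try:
        # strict=True rejects values with host bits set, e.g. 10.0.0.5/28
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]

    problems = []
    if net.version != 4:
        # BGP router IDs are 32-bit values written as dotted quads
        problems.append("router IDs need an IPv4 subnet")
    elif net.prefixlen > MAX_PREFIXLEN:
        problems.append(
            f"/{net.prefixlen} is smaller than /{MAX_PREFIXLEN} "
            f"({net.num_addresses} addresses)"
        )

    # "Available/unused" check: the subnet must not overlap any known prefix
    for label, prefix in in_use.items():
        other = ipaddress.ip_network(prefix, strict=False)
        if other.version == net.version and net.overlaps(other):
            problems.append(f"overlaps {label} ({other})")
    return problems


if __name__ == "__main__":
    for cand in ("172.31.255.0/28", "172.31.255.0/29", "10.255.1.16/28"):
        result = check_router_id_subnet(cand, IN_USE)
        print(cand, "->", result or "OK")
```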
Save the Network Configuration changes by selecting the 'Save' button, and then navigate to the 'Service Connections' tab to begin configuring the first hub. Within the Service Connections tab, select the 'Create' button located in the upper-left corner. This opens a new page, as depicted below, where the hub can be configured.
Upon successful implementation of the correct configuration, observe the status indicators for Health Check and VPN to confirm their operational status, both of which should be marked as 'up'.
If Health is selected:
Go to SPA -> Service Connections -> Health and select the PoP. The 'View Learned BGP Routes' option is then visible at the top right.
Security Policies for Private Access:
Go to Configuration -> Policies, select Private Access, select the option to create a new one, and create the required policy.