amorales
New Contributor

ADVPN - Hub with two WAN Interfaces + SD-WAN

Hi, I am currently thinking about a new design using some FortiGates we already have, and I am wondering if it is possible to make the following scenario work:

 

- One Hub with two WAN interfaces (one interface leads to MPLS and the second interface leads to Internet).

- Multiple Spokes with two WAN interfaces (one interface leads to MPLS and the second interface leads to Internet).

 

I am thinking about creating two tunnels in each firewall, and setting the HQ firewall as Hub in both WAN interfaces (Remote Gateways set as Dialup User). Then the Spokes will also have two tunnels (one per WAN interface) targeting the Hub WAN interfaces (Spoke MPLS interface pointing to Hub MPLS interface IP and Spoke Internet interface pointing to Hub Internet interface). I will use BGP as the routing protocol and will prefer routes advertised on tunnel1 (MPLS).

 

On top of this underlay, I would also like to run SD-WAN, using tunnel1 and tunnel2 virtual interfaces as SD-WAN members. What do you think about this? I think it is possible to achieve but I would like to know if someone has a similar scenario running and working properly. Thank you.

1 REPLY
freddelm
New Contributor

Were you ever able to get this to work? I am trying the same design; however, the VPN connection from the 2nd Hub ISP to the Primary Hub ISP doesn't come up.