Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Quandit
New Contributor II

SD WAN with 2 link, and one link with no SD WAN

Hello all

 

I have a question about SD WAN and "no SD WAN" in the same time.

 

I'm learning network, and at now I training on fortigate 200F the SD-WAN configuration. My problem, maybe not a prpoblem for somebody with more expirence :)

 

I have three link.

 

Two of them I configured with SD-WAN, this first SD-WAN work very well, I have internet connection from my VLAN's.

 

Now I'm connected third link I want configure there DMZ (for some FTP stuf), so i try configure port like in documentation 1. cfg port. 2. Create static routing etc.

But I have information "You cannot have duplicated routes on SD-WAN and non SD-WAN interfaces."


So now I don't know the idea.

 

I want separate link, this should not work with another I already have.

 

So how to start this proces, at now Im created second SD-WAN zone and I use this link like member but this is correct way?

 

 

5 REPLIES 5
malam
Staff
Staff

Hi Quandit,

You can create more than one SDWAN zones, but remember, the member of one SDWAN zone can not be the member of another SDWAN Zone. Even you can have only one member in SDWAN zone. After creating the SDWAN zones you can create SDWAN rules to route your traffic.

Regards,

Mahboob Alam
Quandit
New Contributor II

Hi malam

 

At now Im doing like you write probably. I sent some picutre.

 

 

 

SDWAN.PNG

malam

Hi Quandit,

Your SDWAN zones are correctly configure and now you can configure your SDWAN rules to route traffic as per your requirment:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Working-of-SD-WAN-rule-with-outgoing-inter...

 

https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/380145/configuring-sd-wan-ru...

 

Regards,

Mahboob Alam
ntaneja
Staff
Staff

Hi Quandit

 

 

Thank you for your question. You have couple of options.

- If you are running more recent version of FOS, you can divide these interfaces into 2 different SDWAN zones. And use these zones when you are addressing them in routes or firewall policies

- In static route, do not use SDWAN interface, but specific interface. Then you will be able to create default route via any interface you want, even the ones that are not part of SDWAN configuration

 

Doc for additional info: https://docs.fortinet.com/document/fortigate/6.2.3/technical-tip-multiple-default-routes-where-sdwan...

 

Thanks

Quandit
New Contributor II

I forgot give answer, the way I start and @malam confirm was good way )

 

Thanks! 

Labels
Top Kudoed Authors