Hi All, I've attached a .jpg explaining what I'm looking to do, but I'm new to fortigate products so still lower on the learning curve.
I've got a central HQ with 2 ISP's, and address space of our own using BGP for failover capability.
I've got 2 data centers where a majority of the servers run.
Those 3 sites are all connected with high speed 10GB capable routed links, sharing routes using OSPF.
All 3 sites are running 601E's in HA mode, with everything dual-connected.
I have multiple branch offices that need access to the 3 sites. Some branches have multiple ISPs. A few have only a single.
All branches will need access to at least HW and DC1, and we would like DC2 as an option also, because as long as you hit one of the 3 connected hubs, you're on the ring and can get where you need to go. The branches don't necessarily need to communicate with each other, so I'm not sure if I'd have them mesh, or not.
I'm not sure if I'm better off configuring static tunnels on all of the links between all of the data centers, or if ADVPN would be the better way to go. At this point, I've done some static tunnels on the Fortigate, but never done ADVPN, so that would be new for me.
Does anyone have any good input on the best way to attack this?
Also, in theory, since we have BGP running with our own IPv4 space at HQ, we could build a single tunnel to HQ over the active provider, but I assume with SD-WAN we're better off doing dual tunnels, one to each ISP's actual physical connection, and let SD-WAN pick the better provider?
Thanks for any tips you can throw in.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.