Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Disaster Recovery SD-WAN

Hi friends,


I need to design an A-P Geo cluster solution and I will be happy to get some help with it. 


On the WAN interface, each one of the firewalls will need to have a different Public IP. That might be an issue since the firewalls replicate their interfaces configuration. Will it be possible to solve it with SD-WAN or secondary IP? In case the answer is yes, how can I combined this solution it with IPsec site2site tunnel and SSL VPN portal?


On the LAN side, there will be an IBGP connection to an IPVPN network. what is the best solution for that? can I use one router ID for both of them?


Hope I was clear enough. Thank you!

Contributor III

I'm not sure if I understand all your expectations. Let me explain what you can achieve with the following features:

- SD-WAN  - you can add many interfaces, WAN, IPsec, etc. Packet will have different source IP depending which interface will be used

- for the SSL portal - you enable portal for the physical interface, so your users should know which one they want to login

- you mentioned iBGP and router ID, assuming you will have Active/Passive HA cluster only one device will process traffic

Let me know if I misunderstood something or something requires clarification.


SD-WAN is the product which is different for each version, I mean 5.6, 6.0, 6.2.0 or even 6.2.1 which also brings some changes.


Valued Contributor

This a frequent misconception about Fortigate HA. Some vendors allow it, some don't. WIth Fortigate it is clear as vodka - configuration of Active and Passive members has to be identical, no different public IPs for different members. 


Basically, when you synchronize 2nd member of HA to the Active one, this transfers the configuration of the 1st/active member as is to the Passive member, deleting any difference  if any (of failing to sync/create HA cluster because of the irreconcilable differences).  

Yuri  blog: All things Fortinet, no ads.
Yuri blog: All things Fortinet, no ads.
Top Kudoed Authors