Hi,
I have a new deployment of FortiGate as an edge firewall. The legacy design involved the DC FW acting as both DC and Edge. Now I will implement the FortiGate as Edge and do point-to-point with the DC FW.
The question is: I have
- one Internet link with 2 IPsec tunnels over the Internet link.
- 2 MPLS links: one to cloud servers with a Palo Alto FW, the second for my 10 Fortinet branches.
For the Internet, I will have only 1 link, and over that I will build 2 IPsec tunnels (one to be load balanced via SD-WAN with the MPLS to my branches, the second to be a passive link with the MPLS to my cloud service).
What is the best practice to build that topology? Should I add all 3 WAN interfaces under the SD-WAN zone, and with that zone create the 2 IPsec tunnels? Or should I keep the 3 WAN interfaces as normal WAN interfaces without an SD-WAN zone, as there is no load balancing except the connection with the branches, and then create SD-WAN for the IPsec tunnels?
Kindly advise on the best-practice solution.
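As an added illustration, not part of this thread and not Fortinet's documentation, the following FortiOS 7.x-style SD-WAN configuration expresses the second layout the poster describes: the Internet link stays a plain WAN interface, each IPsec tunnel built over it is placed in an SD-WAN zone together with the matching MPLS link, and the rule for each zone decides whether the pair is load balanced (branches) or active/passive (cloud). All interface names, address objects, probe addresses and subnets are assumptions, and keyword names should be checked against the firmware in use, since SD-WAN syntax changed between 6.4 and 7.x.

```fortios
# Added illustration (not from the thread): one SD-WAN zone per remote site,
# each pairing an IPsec overlay with its MPLS underlay.
# Assumed names: interfaces mpls-branches, mpls-cloud, ipsec-branches,
# ipsec-cloud; address objects lan-subnets, branch-subnets, cloud-subnets;
# probe targets 10.10.0.1 and 10.20.0.1 (constructed).
config system sdwan
    set status enable
    config zone
        edit "z-branches"
        next
        edit "z-cloud"
        next
    end
    config members
        # Branch zone: both paths are used, so no priority is set.
        edit 1
            set interface "mpls-branches"
            set zone "z-branches"
        next
        edit 2
            set interface "ipsec-branches"
            set zone "z-branches"
        next
        # Cloud zone: lower priority value wins, so MPLS is preferred
        # and the IPsec tunnel only carries traffic when MPLS fails.
        edit 3
            set interface "mpls-cloud"
            set zone "z-cloud"
            set priority 1
        next
        edit 4
            set interface "ipsec-cloud"
            set zone "z-cloud"
            set priority 10
        next
    end
    config health-check
        # Probe a host behind each remote end so a dead member is detected
        # even when the link itself is still up.
        edit "hc-branches"
            set server "10.10.0.1"
            set members 1 2
        next
        edit "hc-cloud"
            set server "10.20.0.1"
            set members 3 4
        next
    end
    config service
        # Branch traffic: spread across MPLS and IPsec.
        edit 1
            set name "to-branches"
            set mode load-balance
            set src "lan-subnets"
            set dst "branch-subnets"
            set priority-members 1 2
        next
        # Cloud traffic: strict order; IPsec is used only when the
        # MPLS member fails its health check.
        edit 2
            set name "to-cloud"
            set mode priority
            set src "lan-subnets"
            set dst "cloud-subnets"
            set health-check "hc-cloud"
            set priority-members 3 4
        next
    end
end
# Routes and firewall policies reference the zones, never the member
# interfaces directly.
config router static
    edit 10
        set dst 10.10.0.0/16
        set sdwan-zone "z-branches"
    next
    edit 11
        set dst 10.20.0.0/16
        set sdwan-zone "z-cloud"
    next
end
```

The design choice this shows is that the WAN (Internet) interface itself is not an SD-WAN member; only the tunnels running over it are, so the Internet link keeps its normal WAN role while the SD-WAN rules control which overlay/underlay pair carries DC traffic to each site. Once interfaces are SD-WAN members, existing firewall policies and static routes that name those interfaces must be rewritten against the zone before the configuration is accepted.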
Hello osaleem2_10,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet's SD-WAN is not good; companies like Fortinet and Palo Alto etc. have completely ruined the term SD-WAN. Automating tunnel creation and pinging across them is not SD-WAN. You could already do that from the beginning of time. If that's all you need, sure, but to me that ain't SD-WAN.
Copyright 2025 Fortinet, Inc. All Rights Reserved.