Hello everyone! I will soon be doing a deployment around 20 firewalls for a customer and they are wanting a hub and spoke configuration. They will have dual ISP connections at each of the locations for SDWAN. I also plan to implement ADVPN so the spokes can have shortcuts to talk to each other. I would like to us iBGP to advertise the local routes as well.
My question is when I configure SDWAN for the ISP connections, do I put the ADVPN interfaces in the same zone? Or would I create a separate zone for the ADVPN interfaces? Also, I'm finding tons of documentation on configuration guides for 7.0 but not too many guides on 7.2. If anyone could link some my way that would be very much appreciated!
**NOTE: I will not be using FortiManager for this deployment. Configurations will happen locally on the FortiGate's themselves. **
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Genobaseball10 - Create new SDWAN Zone for ADVPN interfaces. So, this will improve security by isolating VPN traffic from your other network traffic.
Hi @Genobaseball10,
You can put both ISP connections in one SDWAN zone and both ADVPN interfaces in another zone.
Regards,
Hi @Genobaseball10 - Create new SDWAN Zone for ADVPN interfaces. So, this will improve security by isolating VPN traffic from your other network traffic.
Hi @Genobaseball10,
You can put both ISP connections in one SDWAN zone and both ADVPN interfaces in another zone.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.