Genobaseball10
New Contributor III

Fortigate 7.2 SDWAN + ADVPN

Hello everyone! I will soon be doing a deployment of around 20 firewalls for a customer and they are wanting a hub and spoke configuration. They will have dual ISP connections at each of the locations for SDWAN. I also plan to implement ADVPN so the spokes can have shortcuts to talk to each other. I would like to use iBGP to advertise the local routes as well.
My question is when I configure SDWAN for the ISP connections, do I put the ADVPN interfaces in the same zone? Or would I create a separate zone for the ADVPN interfaces? Also, I'm finding tons of documentation on configuration guides for 7.0 but not too many guides on 7.2. If anyone could link some my way that would be very much appreciated!

 

**NOTE: I will not be using FortiManager for this deployment. Configurations will happen locally on the FortiGates themselves.**

CCNA | FCP | CWNA
2 Solutions
rtanagras
Staff

Hi @Genobaseball10 - Create a new SDWAN zone for the ADVPN interfaces. This will improve security by isolating VPN traffic from your other network traffic.

Best,
Ricky


hbac
Staff

Hi @Genobaseball10,

 

You can put both ISP connections in one SDWAN zone and both ADVPN interfaces in another zone. 

 

Regards, 
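The zone layout both replies describe, written out as FortiOS CLI. This is an added example, not part of the original thread or Fortinet's own configuration: the interface names (`wan1`, `wan2`, `advpn-isp1`, `advpn-isp2`, `lan`) and zone names (`underlay`, `overlay`) are assumptions, and lines beginning with `#` are annotations.

```fortios
# Assumed names: wan1/wan2 = ISP ports, advpn-isp1/advpn-isp2 = ADVPN tunnels, lan = internal port
config system sdwan
    set status enable
    config zone
        edit "underlay"
        next
        edit "overlay"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "underlay"
        next
        edit 2
            set interface "wan2"
            set zone "underlay"
        next
        edit 3
            set interface "advpn-isp1"
            set zone "overlay"
        next
        edit 4
            set interface "advpn-isp2"
            set zone "overlay"
        next
    end
end
# Policies reference zones, so internet egress and VPN traffic get separate rules
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "underlay"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 0
        set srcintf "lan"
        set dstintf "overlay"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

In a real deployment the `all` address objects on the overlay policy would be narrowed to the site subnets, and a matching overlay-to-lan policy would cover traffic arriving from the hub and other spokes.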

