Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Fortigate SDWAN and MPLS

Hi guys

Hoping someone can point me in the right direction here.

Client has a Data Centre and 4 remote sites. FortiGates are in SDWAN.

Data Center has a IPSEC tunnel to each site and one MPLS link to the sites.

Sites has a IPSEC tunnel to the DC and one MPLS link.

Now we can't put performance SLAs on the MPLS link to each site from the DC as we can't remove specific routes, so if one site goes down, the FortiGate removes all static routes on the MPLS interface and all sites go down on MPLS from the Data Centre.

I thought about doing IPSEC tunnels over MPLS but there are some services that require site to site access, like viewing of cameras and AD, which we don't want to bottleneck over the Data Centre.

I could look at seperate tunnels between site to site.

Otherwise what options would we have here? I am looking for simplistic options, not ADVPN, sites are small. There is mainly one or two subnets at each site. I just want a simple effective solution without going into too much hassle.

The main objective is if the MPLS goes down, the IPSEC Tunnel will be used and at the moment it is a manual change of SD WAN rule on both sides.

Thanks in advance

router login 192.168.l.l

Hello @daria2 ,


Thank you for contacting the Fortinet forum.


-You can add MPLS link under sd-wan member and create sl after configuring static routes if you have a direct mpls link if the mpls has any ospf or BGP dynamic routes.

-Try to setup  sla pings and configure sd-wan rule to update the static routes table 


Refer to the below links :

update static route entry:


Best regards,


Top Kudoed Authors