Hoping someone can point me in the right direction here.
Client has a Data Centre and 4 remote sites. FortiGates are in SDWAN.
Data Center has an IPSEC tunnel to each site and one MPLS link to the sites.
Sites have an IPSEC tunnel to the DC and one MPLS link.
Now we can't put performance SLAs on the MPLS link to each site from the DC as we can't remove specific routes, so if one site goes down, the FortiGate removes all static routes on the MPLS interface and all sites go down on MPLS from the Data Centre.
I thought about doing IPSEC tunnels over MPLS but there are some services that require site to site access, like viewing of cameras and AD, which we don't want to bottleneck over the Data Centre.
I could look at separate tunnels between site to site.
Otherwise what options would we have here? I am looking for simplistic options, not ADVPN, sites are small. There is mainly one or two subnets at each site. I just want a simple effective solution without going into too much hassle.
The main objective is if the MPLS goes down, the IPSEC Tunnel will be used and at the moment it is a manual change of SD WAN rule on both sides.