Hi guys, I need to connect HQ and a branch site using IPsec VPN. Both sites have 2 ISPs. My first option is using the SD-WAN feature and the second option is IPsec aggregate. I would like to know your thoughts on which one is better for high availability and load balancing.
That depends. If you want/need to closely monitor usage on each circuit/VPN and adjust what traffic needs to go which path, you have to use SD-WAN. But if you don't care how much each circuit is used and just want to trust & forget once it's set up, I would go with the aggregate.
1> I look at it this way: if you want redundant VPN, just do legacy VPN and adjust the route metric for the preferred ipsec-link.
2> If you want to load both and share traffic across both, SDWAN is the 1st & best way.
In fact, I would use it for the 1st item above if you want to write rules to use SDWAN member 1 over member 2 and only use 2 if member 1 is down. SDWAN is very flexible in FortiOS. You can do so much with it, it's just amazing.
Ken Felix
PCNSE
NSE
StrongSwan
I think the main way nowadays is the SD-WAN; it gives you more flexible configuration and majority power on the monitor.