Hello,
I have a customer that has added another internet connection to the firewall, and I want to build out SD-WAN with failover. I get the setup part, but how do I deal with the interfaces? What do I do with all the tunnels off the interface?
VPN tunnels, and I guess also VLANs on the WAN interfaces, are not affected by SD-WAN. They still use the physical interface. I just can't say for sure concerning VLANs, as I don't have VLANs on the WAN interfaces here. You will just have to replace your WAN interfaces with the SD-WAN interface in your internet policies.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks for the comment.
This had been built out by someone else quite a while ago, so looking at this more, I've decided to essentially peel everything off WAN1 and rebuild it with SD-WAN. It has a secondary internet connection being fed via WAN1 along with the primary internet connection, so that doesn't really give me the redundancy I'm looking for.
With configurations that have two ISPs w/ VPN tunnels and no SD-WAN, I would have a tunnel off WAN1 and a "backup" tunnel off WAN2, so would I not need both with SD-WAN? One VPN tunnel for the SD-WAN interface?
At least IPsec cannot use a dynamic interface, because you must give a specific remote gateway on the tunnel's opposite end. You could only have one FQDN per interface in SD-WAN. SD-WAN itself is not an option here, because it depends on your rules and settings which interface in SD-WAN is used at which time. If you used an FQDN on SD-WAN as the remote gateway, this would cause a load of dropouts or flickering on the tunnels, I guess.
I however prefer having one tunnel per WAN for redundancy. I cope with this using priority-based routing. This works fine, has defined ends for the remote gateway, and does tunnel fallback to the second tunnel when the primary WAN goes down, and back again.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
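The one-tunnel-per-WAN layout with priority-based routing described in the reply above, written out as an added FortiOS CLI example (not configuration from the original post or from Fortinet). Assumed: the tunnels are named vpn-wan1 and vpn-wan2, the local LAN is 10.1.0.0/16, the remote LAN is 10.2.0.0/16, and the peer addresses are documentation placeholders.

```text
# Two IPsec tunnels, each bound to its own physical WAN interface
config vpn ipsec phase1-interface
    edit "vpn-wan1"
        set interface "wan1"
        set remote-gw 203.0.113.10      # placeholder: remote peer reached via ISP1
        set dpd on-idle                 # dead peer detection brings the tunnel down when ISP1 fails
        set proposal aes256-sha256
        set psksecret <preshared-key>   # placeholder
    next
    edit "vpn-wan2"
        set interface "wan2"
        set remote-gw 198.51.100.10     # placeholder: remote peer reached via ISP2
        set dpd on-idle
        set proposal aes256-sha256
        set psksecret <preshared-key>   # placeholder
    next
end
config vpn ipsec phase2-interface
    edit "vpn-wan1-p2"
        set phase1name "vpn-wan1"
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 10.2.0.0 255.255.0.0
    next
    edit "vpn-wan2-p2"
        set phase1name "vpn-wan2"
        set src-subnet 10.1.0.0 255.255.0.0
        set dst-subnet 10.2.0.0 255.255.0.0
    next
end
# Same destination via both tunnels at equal distance; the lower priority value
# is preferred while its tunnel is up, and the route drops out when DPD marks
# the tunnel down, so traffic falls back to vpn-wan2 and returns automatically
config router static
    edit 10
        set dst 10.2.0.0 255.255.0.0
        set device "vpn-wan1"
        set priority 1
    next
    edit 11
        set dst 10.2.0.0 255.255.0.0
        set device "vpn-wan2"
        set priority 10
    next
end
```

Firewall policies must still reference both tunnel interfaces (or an interface zone containing them) so that return traffic is allowed on whichever tunnel is active.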