We're in the process of helping a client simplify their network and had a thought during the design phase.
SD-WAN will be used at the main site for their internet circuits - that part's easy. They also have multiple 1Gbit fiber circuits with different carriers that connect to their remote campuses. Normally we would choose one of the following:
[ol]We really like SD-WAN - the abstraction is very helpful and so easy to setup! What if we could leverage SD-WAN for the internal fiber links? I don't see a way to add another SD-WAN (virtual-wan-link) to a Fortigate, so it appears we're limited to just one. We could turn up another VDOM and use SD-WAN there for the fibers, but that adds a layer of complexity to troubleshooting that I don't want to put on the client. Any thoughts? Is this crazy talk? See the diagram for clarity.
As a followup to this for those that want the full picture.
We will have multiple VDOMs on the main Fortigate with matching VDOMs on the branch campus Fortigates (employees, residents, clients). This traffic should remain separated, so we're using EMAC VLANs and assigning each EMAC VLAN to the appropriate VDOM. Then the default route for the branch employee VDOM is the employee VDOM at the main site, the route for the branch resident VDOM is the main resident VDOM, etc. If you've done a design like this before let us know your experience.
That's the complaint I made to a FTNT SE. With the current only-one-instance design, only thing you can do is to use members in a rule, like rule#1 includes only wan1 and wan2, rule# includes internal4 and internal5, etc., which could easily confuse admins and high probability of misconfiguration.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.