- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- New to Fortinet and SD-WAN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New to Fortinet and SD-WAN
Hello,
I'm in the final choice for a SD-WAN solution, and Fortinet seems very interesting. But i have only a few demo and commercial inputs.
I have a classic network with a HQ Datacenter, and a lot of remote sites, all connected with MPLS, no NAT and dynamic OSPF routing (manage by a Cisco L3 switch , and MPLS Link pass through an ASA Firewall).
I want to add bandwidth in remote site with a second MPLS Link and a Internet Link for a total of 3 Wan Links.
So could i have some real experience of SD-WAN architecture that can answer theses questions :
- i will have 1 MPLS 10MB + 1 MPLS 4MB + 1 INTERNET 10MB ; can i put all 3 in one SD-WAN interface, and manage routing/priority with rules likes application / dst IP or TCP Port ? Exemple the main https application pass thru the 10MB MPLS wan interface ?
- i have to create a VPN Tunnel on the Internet Wan Interface to the HQ ?
- Can the remote network behind the Fortinet (and SD-WAN) can be announce with OSPF ?
- There is a central web interface to manage all the Fortinet ?
Maybe some basic questions, but there is a lot of solution now and hard to make a choice ...
Thank's
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- i will have 1 MPLS 10MB + 1 MPLS 4MB + 1 INTERNET 10MB ; can i put all 3 in one SD-WAN interface, and manage routing/priority with rules likes application / dst IP or TCP Port ? Exemple the main https application pass thru the 10MB MPLS wan interface ?
No , that's not how it work, you Could apply MPLS10/4 and load-share and balance the traffic over those two links and the virtual-wan. Remember when you use SD-WAN the individual links are not configurable in a policy
- i have to create a VPN Tunnel on the Internet Wan Interface to the HQ ?
That should be doable in FortiOS and with SD-WAN interface
- Can the remote network behind the Fortinet (and SD-WAN) can be announce with OSPF ?
Not following you, but BGP is support in the new SD-WAN .Never seen it deployed fwiw
- There is a central web interface to manage all the Fortinet ?
Not following you, but are you asking about a fortimanager ?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Adding some of my cheese:
- OSPF:
why do you think you can NOT publish the network behind the FGT on OSPF? Isn't that what dynamic routing protocols are there for? I don't have one running but I assume yes, that's the way it works. Have a quick look at the Handbook, Advanced Routing.
- VPN:
if you create a SD-WAN (lb) interface the VPN would be a sub-interface to it. You cannot use the individual ports which make up a SD-WAN port, as mentioned.
Will be funny if the external IP address changes. Dial-out VPN is OK with this but site-to-site??
- central mgmt:
no, each FGT/cluster is managed by it's own web GUI/ssh CLI. For logging and reporting, use a FortiAnalyzer. For handling configurations, templates, firmware bulk upgrades, there is the FortiManager. I personally don't like it but have a look yourself (demo VM running for 14 days for free).
I've recently seen a network of FGTs where each FGT was managed on it's loopback interface. All those addresses came from a 'supernet' comprising all FGTs. Nice touch as they will be accessible over any interface (if allowed).
Ede
"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank's for you informations. I read a lot and i can see that the Fortinet OS has a lot of possibilities. Not sure that SDWAN is the only option, i can make what i want with multiple WAN access and rules. But the idea of the SDWAN is to deploy a remote site faster with template
Related Posts
- Management and internal 47 Views
- Linux forticlient-cli with enable_local_lan 45 Views
- Fortigate defined vlan to new fortiswitch 79 Views
- Accessing SSL VPN addresses from a... 49 Views
- WAF signatures 68 Views
Labels
-
FortiGate
6,555 -
FortiClient
1,307 -
5.2
801 -
5.4
639 -
FortiManager
565 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
264 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
FortiConnect
24 -
SD-WAN
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
IP address management - IPAM
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
Traffic shaping policy
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
TACACS
1 -
4.0MR1
1 -
Schedule
1 -
Users
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Web rating
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Multicast routing
1 -
Email filter profile
1 -
Zone
1 -
Internet Service Database
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.