Redundant WAN link for Internet, IPsec and SSL VPN on FortiGate 5.6
I have to implement a redundant WAN link, and from my reading I think SD-WAN is mostly geared towards load balancing. I have seen a couple of videos on link monitoring and setting up a redundant WAN link. I also saw a video or read somewhere about creating a zone instead of creating dual policies. I am not sure I recall it well, but it will be a problem creating dual policies for WAN1 and WAN2.
Also, my plan is to have redundancy for IPsec and SSL VPN.
Can anyone guide me on how to implement a redundant link with best practices that include fewer firewall rules, i.e. not creating two rules, one for WAN1 and one for WAN2?
How can I implement IPsec and SSL VPN using a redundant link?
SD-WAN by default will give you redundancy. You can also set link load balancing, where you can select weight LB. If you need the primary link to take the full load, then give 90% weightage to WAN1 and 10% to WAN2, or you can use Spillover as well.
SSL VPN can be accessed by both the links simultaneously. Better to use an FQDN for the VPN in your public DNS and assign 2 A records, the WAN1 and WAN2 IPs.
May I ask a question about SSL VPN being used in an SD-WAN environment? My FortiGate 100E's firmware is 6.x, and I configured two ISPs' internet cables to WAN1 and WAN2. The SD-WAN is configured OK and works well. After the SSL VPN configuration was completed, I launched FortiClient to connect to this FortiGate 100E unit. The SSL VPN connects OK but will disconnect after several minutes. I checked the two internet connections. One of them is down as well, but it comes back up after 4-5 seconds, and then FortiClient shows an alarm message that the SSL VPN connection is down. I can reconnect the SSL VPN from FortiClient, but the same disconnect issue repeats again. From Google, someone solved it by adding the instructions below:
config vpn ssl settings
    set route-source-interface enable
end
But I can't find the "route-source-interface" parameter in the set command. Any suggestions about this issue?
Thanks for your reply. It solved my problem. Now a new firmware version, 6.0.4, has been released. Should I upgrade, since I searched for this problem yesterday in the forum and found that someone couldn't solve this problem by adding these instructions on version 6.0.3?
I have a similar issue. I have an external VDOM with two PPPoE interfaces over SD-WAN. I am trying to use SSL VPN over one PPPoE, but it is not working: I do not see the SSL VPN portal from the internet. I reviewed the logs and see that this traffic is denied by local-in-policy. Any idea?
My version is 6.0.4.