Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tutek
Contributor

Created on ‎04-06-2023 10:56 PM

Routing in Fortios 7

Hi,

please explain me, after upgrade from 6.4.12 to 7.0.11 router add all my sd-wan zones to static route default route, now I have there virtual-wan-link and all my sdwan zones, before upgrade I had only there virtual-wan-link (my wan1 and wan2 interfaces) - I don't understand this change, I have static routes to my sd-wan networks so why now default route towards my sd-wan sites?

Clipboard01.jpg

 

 

Labels:
539
0 Kudos
4 REPLIES 4
akristof
Staff
Staff

Created on ‎04-06-2023 11:42 PM

Hello,

It is because from 6.4 to 7.0 there is change how SDWAN zones work. So before, you had route via SDWAN only. In order to keep connectivity, FortiGate added basically all members as interface. So now you can adjust it, you can remove any zone/interface that does not have internet access, for example VPNs.

Adrian
534
0 Kudos
Tutek
Contributor

Created on ‎04-07-2023 02:46 AM

These sd-wan zones are my VPN sites, they use internet from HQ fortigate, but I still don't understand why default destination is to all my sd-wan zones. Where could I read about the changes that have occurred in sdwan in fortios 7?

526
0 Kudos
akristof
Staff
Staff
In response to Tutek

Created on ‎04-07-2023 03:05 AM

On 6.4, you probably had default route via SD-WAN interface, right? Even if you had zones, in 6.4 it was only grouping for easier management. But for static routes you had to chose either SDWAN virtual interface or individual members.

From 7.0, you don't have SDWAN virtual interface, but you have zones. So the config converted it that instead single SDWAN virtual interface that was available in 6.4, in put every zone as destination to preserve connectivity.

Adrian
523
0 Kudos
Tutek
Contributor

Created on ‎04-07-2023 05:20 AM Edited on ‎04-07-2023 05:39 AM

I should connect to branch sdwan zone only for specific networks, not all 0.0.0.0/0 so I have for every branch network that is placed behind sdwan zones static routes configured like:

Clipboard02.jpg

so I should connect to network 10.17.0.0/20 using sdwan zone let's name it "zone1" and I have something like this configured, I don't need destination 0.0.0.0/0 to be pushed using "zone1" - like it is now.

So this mean I should remove all specific destinations networks behind sdwan zones that I have configured, and should leave only this modified static route with 0.0.0.0/0 toward all sdwan zones?

516
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.