- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
SD WAN Configuration
Hi,
we are changing a FG cluster and are thinking of activating a SD WAN for failover purpose. The old/actual config has 2 WANs we separate via Routing and Policies which doesnt really make sense and we loose failover options.
Now the thing is how to configure the SD WAN. Basically we want 100% over WAN A but with Failover options to WAN B. Also we dont know if this is ideal since we than hardly use WAN B (all important VIPs are in WAN B) but because of problems with websites that are caching the public IP we cant predict if we get lots of problems from all our users in 50 different branches.
What would be the best option? How can we configure 100% (cannot choose 0) over WAN A and have a working failover configuration.
Thanks in advance,
Roland
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for reaching out the Fortinet community.
If you prefer one WAN link over another, you can configure SD-WAN rules to prioritize traffic. SD-WAN rules are checked from top to bottom (first match).
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/723448/manual-strategy
If the traffic matches the rule criteria, the traffic will go out from the first available interface based on the interface preference. This strategy does not depend on performance SLA or SLA targets.
SFA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Alif,
thanks for your comment.
I would like to know if it is really recommended using SD WAN with more WAN Interfaces. We did some SD Wan configurations with smalles clients and we never had any problems beside of the problems when some websites only allow certain IPs.
Here it is a little bit different because this cluster is in a CPD and both WANs have high bandwith (1GB) and we have now the option to improve the configuration with this new cluster config.
Thanks,
Roland
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
well it totally depends how you would prefer to have the setup.
Without SD-WAN, you can modify the distance/priority settings as explained in the below link.
If you have high bandwidth available on both (or multiple) links and would prefer to have load-balance the traffic, SD-WAN will give the flexibility to prefer any specific traffic over one link and load-balancing the remaining traffic equally on each link.
SFA