Hi,
we are changing a FG cluster and are thinking of activating a SD WAN for failover purpose. The old/actual config has 2 WANs we separate via Routing and Policies which doesnt really make sense and we loose failover options.
Now the thing is how to configure the SD WAN. Basically we want 100% over WAN A but with Failover options to WAN B. Also we dont know if this is ideal since we than hardly use WAN B (all important VIPs are in WAN B) but because of problems with websites that are caching the public IP we cant predict if we get lots of problems from all our users in 50 different branches.
What would be the best option? How can we configure 100% (cannot choose 0) over WAN A and have a working failover configuration.
Thanks in advance,
Roland
Thank you for reaching out the Fortinet community.
If you prefer one WAN link over another, you can configure SD-WAN rules to prioritize traffic. SD-WAN rules are checked from top to bottom (first match).
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/723448/manual-strategy
If the traffic matches the rule criteria, the traffic will go out from the first available interface based on the interface preference. This strategy does not depend on performance SLA or SLA targets.
Hi Alif,
thanks for your comment.
I would like to know if it is really recommended using SD WAN with more WAN Interfaces. We did some SD Wan configurations with smalles clients and we never had any problems beside of the problems when some websites only allow certain IPs.
Here it is a little bit different because this cluster is in a CPD and both WANs have high bandwith (1GB) and we have now the option to improve the configuration with this new cluster config.
Thanks,
Roland
well it totally depends how you would prefer to have the setup.
Without SD-WAN, you can modify the distance/priority settings as explained in the below link.
If you have high bandwidth available on both (or multiple) links and would prefer to have load-balance the traffic, SD-WAN will give the flexibility to prefer any specific traffic over one link and load-balancing the remaining traffic equally on each link.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.