Greetings,
I am thinking about changing my infrastructure to Fortinet's SD-WAN and I have one question please.
I have 5 branches and 1 HQ.
Each branch has:
- 1 x fixed line internet (DIA) with public WAN IP and
- 1 x 4G internet with private WAN IP that is being NATed on one ISP router (not at my premises) to a random public IP address.
- I will install one FortiGate in each branch
HQ has:
- 1 x fixed line internet (DIA) with public WAN IP
- I will install one FortiGate and one FortiManager
My question is:
How can I establish IPsec tunnels between my HQ DIA and the branches' 4G internet links while having the above issues?
Please keep in mind that my ISP can't do any change in my 4G link.
Thanks in advance.
BR
Should be no problem as long as you have static WAN IPs everywhere. Then on the router you need to have a port forward for 500/UDP (IPsec) and 4500/UDP (NAT-T if you use it) to the FGT behind the router so IPsec can reach it. Or set HQ to passive mode so it doesn't negotiate the IPsec and have the branch do that. In this case you don't need the port forwards.
On Branch create an SD-WAN zone to have it switch the tunnels.
Works fine here with static WAN IPs and s2s IPsec.
There however is an issue when you don't have a static WAN IP somewhere or/and you cannot use s2s.
I am still trying to convince TAC that this is due to bugs in FortiOS's IPsec stack...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
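The approach the reply describes (HQ never initiates, the branch behind the ISP NAT dials in with NAT-T, and the tunnel is placed in an SD-WAN zone) can be expressed as FortiGate CLI. The following is an added example, not configuration from the thread or from Fortinet; interface names (wan1, wan2), subnets, the HQ address HQ_PUBLIC_IP, the ID "branch1" and the PSK are placeholders, and the `sdwan-zone` route syntax assumes FortiOS 7.x. Because the 4G link's public address changes at the ISP's NAT, the HQ side is a dial-up (`type dynamic`) phase 1, which accepts connections but never sends the first IKE packet, so no port forward on the ISP router is required.

```fortios
# ---------------- HQ FortiGate (hub, static public IP on wan1) ----------------
config vpn ipsec phase1-interface
    edit "branches-dialup"
        set type dynamic            # dial-up server: answers only, never initiates
        set interface "wan1"
        set ike-version 2
        set peertype any            # every branch dials into this one phase 1
        set net-device enable       # one tunnel interface per connected branch
        set add-route enable        # learn branch LAN from its phase 2 selector
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable     # branch sits behind the ISP's NAT, use UDP/4500
        set dpd on-idle
        set dpd-retryinterval 5
        set psksecret "CHANGE-ME-PLACEHOLDER-PSK"
    next
end
config vpn ipsec phase2-interface
    edit "branches-dialup-p2"
        set phase1name "branches-dialup"
        set proposal aes256gcm
        set dhgrp 14
        set pfs enable
        # selectors left at 0.0.0.0/0 on the hub; the branch narrows them
    next
end

# ---------------- Branch FortiGate (spoke, 4G on wan2, private WAN IP) --------
config vpn ipsec phase1-interface
    edit "hq-over-4g"
        set interface "wan2"
        set ike-version 2
        set remote-gw HQ_PUBLIC_IP  # placeholder for the HQ DIA address
        set localid "branch1"       # identifies this spoke to the hub
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        set keepalive 10            # NAT-T keepalives hold the ISP NAT mapping open
        set dpd on-idle
        set dpd-retryinterval 5
        set psksecret "CHANGE-ME-PLACEHOLDER-PSK"
    next
end
config vpn ipsec phase2-interface
    edit "hq-over-4g-p2"
        set phase1name "hq-over-4g"
        set proposal aes256gcm
        set dhgrp 14
        set pfs enable
        set auto-negotiate enable   # spoke brings the tunnel up on its own
        set src-subnet 10.1.0.0 255.255.255.0   # placeholder branch LAN
        set dst-subnet 10.0.0.0 255.255.255.0   # placeholder HQ LAN
    next
end

# Put the tunnel(s) in an SD-WAN zone so SD-WAN rules pick the working path
config system sdwan
    set status enable
    config zone
        edit "hq_vpn"
        next
    end
    config members
        edit 1
            set interface "hq-over-4g"
            set zone "hq_vpn"
        next
        # a second member over the DIA tunnel would go here with the same zone
    end
end
config router static
    edit 0
        set dst 10.0.0.0 255.255.255.0   # placeholder HQ LAN
        set sdwan-zone "hq_vpn"
    next
end
```

Firewall policies between the tunnel interfaces (or the zone) and the LANs are still needed on both sides, and each branch needs its own PSK or a distinct `localid` paired with `peertype one`/`peerid` on the hub if per-branch identification is wanted. The point to check after bringing it up is that the hub shows the branch's source port as 4500 (NAT-T in use) and that the keepalive interval is shorter than the ISP NAT's idle timeout, otherwise the hub loses the return path when the mapping expires.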
Basically these issues are:
I do have a TAC case open on these but still they haven't even acknowledged it as being a bug.