Good day, my name is Gafar.
I have a case in my office, which is to set up SD-WAN between two FortiGate site office and Head Office (HO). We use two links: one is a local radio link via a connection provider (L2) and the other is through an IPsec tunnel via the internet (Starlink). Can someone point me to a guide for this? I already tried the guide below, but it doesn't seem to fit the purpose, since one of the links is just a LAN.
Technical-Tip-Configure-IPsec-VPN-with-SD-WAN
Also, I'm kind of confused about the local and remote address in IPsec SD-WAN: should we create all the IP subnets in the routing table as remote addresses in the IPsec configuration?
Below I attach the simple topology.
Thanks in advance.
Gafar.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi Gafar,
Did you see this link:
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/402352/network-topologies
I guess you should find what you're looking for...
Otherwise, find below a very basic site-to-site IPsec configuration that you could fine-tune according to your needs.
config vpn ipsec phase1-interface
    edit "Tun0"
        set interface "port2"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal des-sha1
        set dhgrp 14
        set nattraversal disable
        set remote-gw 210.0.X.X
        set psksecret ENC xxxxxxx
    next
…….
config vpn ipsec phase2-interface
    edit "Tun0"
        set phase1name "Tun0"
        set proposal des-md5 des-sha1
    next
Regards
After that, you have to add your IPsec Interface as a member and create a zone in which you place your members (IPsec interface and other).
This second step is described here: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/942095
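Added example, not part of any reply in this thread and not Fortinet code: a small Python check that parses phase1/phase2 stanzas like the ones posted above and flags DES, MD5 and SHA-1 proposals and low DH groups before the tunnel is added as an SD-WAN member. The weak-algorithm sets, the `MIN_DHGRP` floor and the `audit` function name are assumptions of this example; the sample config is constructed from the settings shown in the thread.

```python
# Weak-algorithm sets and DH floor are assumptions of this example, not a Fortinet list.
WEAK_ENC = {"des", "3des", "null"}
WEAK_AUTH = {"md5", "sha1"}
MIN_DHGRP = 14

# Constructed sample, reusing the proposal and dhgrp settings posted in the thread.
SAMPLE = """\
config vpn ipsec phase1-interface
    edit "Tun0"
        set ike-version 2
        set proposal des-sha1
        set dhgrp 14
    next
end
config vpn ipsec phase2-interface
    edit "Tun0"
        set phase1name "Tun0"
        set proposal des-md5 des-sha1
    next
end
"""

def audit(config_text):
    """Return (section, entry, value, reason) tuples for weak IPsec settings."""
    findings = []
    section = entry = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
        elif line.startswith("set proposal "):
            for prop in line.split()[2:]:
                enc, _, auth = prop.partition("-")
                auth = auth[3:] if auth.startswith("prf") else auth  # prfsha1 -> sha1
                if enc in WEAK_ENC:
                    findings.append((section, entry, prop, f"weak cipher {enc}"))
                if auth in WEAK_AUTH:
                    findings.append((section, entry, prop, f"weak hash {auth}"))
        elif line.startswith("set dhgrp "):
            for grp in line.split()[2:]:
                if int(grp) < MIN_DHGRP:
                    findings.append((section, entry, grp, f"DH group below {MIN_DHGRP}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Both peers must offer a matching proposal, so any change prompted by these findings has to be made on the site office and Head Office FortiGates together.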
Copyright 2025 Fortinet, Inc. All Rights Reserved.