superbopy
New Contributor

[SD-WAN] configure SD-WAN for an IPSEC Tunnel and a local radio link

Good day, my name is Gafar.

I have a case in my office, which is to set up SD-WAN between two FortiGate site office and Head Office (HO). We use two links: one is a local radio link via a connection provider (L2) and the other is through an IPsec tunnel via the internet (Starlink). Can someone point me to a guide for this? I already tried the guide below, but it doesn't seem to fit the purpose, since one of the links is just a LAN.

Technical-Tip-Configure-IPsec-VPN-with-SD-WAN

Also, I'm kind of confused about the local and remote address in IPsec SD-WAN: should we create all the IP subnets in the routing table as remote addresses in the IPsec configuration?

Below I attach the simple topology.

topology SDWAN Ipsec.png

Thanks in advance.

Gafar.


Stephen_G
Moderator

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
Fab-S
New Contributor II

Hi Gafar,

 

Did you see this link:

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/402352/network-topologies
I guess you should find what you're looking for....

Otherwise, find below a very basic site-to-site IPsec configuration that you could fine tune regarding your needs.

config vpn ipsec phase1-interface
    edit "Tun0"
        set interface "port2"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal des-sha1
        set dhgrp 14
        set nattraversal disable
        set remote-gw 210.0.X.X
        set psksecret ENC xxxxxxx
    next
…….
config vpn ipsec phase2-interface
    edit "Tun0"
        set phase1name "Tun0"
        set proposal des-md5 des-sha1
    next


Regards

Fab.S
Fab-S
New Contributor II

After that, you have to add your IPsec Interface as a member and create a zone in which you place your members (IPsec interface and other).
This second step is described here: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/942095

Fab.S
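
The configuration posted in the first reply negotiates single DES with SHA-1 or MD5, which are weak choices for a tunnel that crosses the internet. The following is an added example, not part of the original posts and not Fortinet's own configuration: the same tunnel with AES-256/SHA-256 proposals, followed by the SD-WAN zone and member step described in the second reply. The zone name "HO-overlay", the radio-link interface "port3", and the placeholders in angle brackets are assumptions.

```fortios
# Added example. "HO-overlay", "port3" and <...> placeholders are assumptions.
config vpn ipsec phase1-interface
    edit "Tun0"
        set interface "port2"
        set ike-version 2
        set peertype any
        set net-device disable
        # AES-256 with SHA-256 in place of des-sha1
        set proposal aes256-sha256
        set dhgrp 14
        # kept as in the post above
        set nattraversal disable
        set remote-gw 210.0.X.X
        set psksecret <pre-shared-key>
    next
end
config vpn ipsec phase2-interface
    edit "Tun0"
        set phase1name "Tun0"
        # replaces des-md5 des-sha1
        set proposal aes256-sha256
        # PFS: a fresh Diffie-Hellman exchange on each phase 2 rekey
        set pfs enable
        set dhgrp 14
        # selectors left unset, as in the post above
    next
end
config system sdwan
    set status enable
    config zone
        edit "HO-overlay"
        next
    end
    config members
        # member 1: the IPsec tunnel interface
        edit 1
            set interface "Tun0"
            set zone "HO-overlay"
        next
        # member 2: the local radio link (interface name assumed)
        edit 2
            set interface "port3"
            set zone "HO-overlay"
            set gateway <radio-link-gateway>
        next
    end
end
```

Both FortiGates must use matching proposals and DH group, so the same change is needed on the peer.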