Hi,
I was watching a couple of videos about SD-WAN and how to set it up; all the videos show sending all traffic via SD-WAN. But is it possible to send some traffic via SD-WAN and other traffic via regular WAN interfaces, and also via IPsec? Can anyone share a link or steps on how to do this?
I also have the same question and an additional enquiry:
1. Can the same SD-WAN interface support SD-WAN and also an IPsec tunnel to other non-SD-WAN locations?
2. Can the same SD-WAN interface support inbound internet traffic to the DMZ?
TQ
1. Yes, as we have that running here.
2. Don't know, as we don't use that.
To the thread starter:
The problem is not the traffic - the problem is the routing.
If you run IPsec, the routing over IPsec uses the tunnel interface.
But if you want to route internet traffic besides SD-WAN, that would require an additional default route.
Unfortunately SD-WAN is a stupid monarch and doesn't allow this at all. Also, you won't be able to use interfaces in policies that are members of SD-WAN...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
"Unfortunately sd-wan is a stupid monarch and doesn't allow this at all. Also you won't be able to use Interfaces in policies that are members of sd-wan..." Do you mean that even if I create a second default route through the regular WAN to send some traffic, the FortiGate will send traffic via SD-WAN anyway?
It won't even let you create a second default route if you use SD-WAN...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thank you
Yes!! You can add IPsec interfaces as SD-WAN interfaces and create SD-WAN rules to do that. Or just (but more complicated to manage) add static routes to destinations for other WANs and IPsec to reach the internet.
Hi,
@bfakhriddi, consider using policy routes.
Policy routes take precedence over SD-WAN rules; in this way you can configure a policy route to route traffic for a certain destination to the interfaces you prefer. Please try it.
I am currently running FortiGate with firmware version 6.4.3 and FortiClient version 7.2.2. The challenge arises when attempting to establish SSL VPN connections on macOS devices. While the connection initiation seems smooth, users are reporting intermittent disconnections, and in some cases the VPN drops altogether with an error message stating "SSLVPN connection terminated (Error -12)".