Hey guys, I’m setting up a failover connection for a larger corporate office and I’m deciding between two options: BGP or SDWAN. I’ve created two graphs below to illustrate both scenarios.
Do you think SDWAN would be the better choice? Since everything is Active/Passive, I’m thinking I’d need to set up a broadcast domain on the Cisco switch stack and a few LACP links from the FortiGate to the switch’s broadcast domain to ensure SDWAN works during failover. But honestly, that feels a bit over-engineered compared to just managing it all on the Cisco stack with BGP.
What are your thoughts?
With your design, it's not about SD-WAN vs. BGP, but about the FGT's WAN failover or the Catalyst's WAN failover.
For the former, the WAN public IPs are terminated at the FGT, while for the latter setup, the Catalysts would terminate them and interconnect between the Catalysts and the FGTs.
I prefer the former because anything I would like to do with those public IPs, like VIPs, etc., can be done at the FGTs. Of course, you would be able to do it at the Catalysts if you want.
So it's just a matter of preference to me.
Toshi
Created on 10-21-2024 01:18 PM Edited on 10-21-2024 01:19 PM
Also, if they're terminated at the FGT and you only need the entire circuit failover, you can accomplish the objective with a link-monitor on the primary circuit. SD-WAN is not the only option with FGTs. It's the same with Cisco's IP SLA.
Toshi
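The link-monitor approach from the reply above, written out as an added FortiOS CLI example (not part of the original thread or Toshi's post). The interface names, the ISP gateway addresses (RFC 5737 documentation ranges) and the probe target are constructed placeholders; the idea is a primary default route on wan1, a backup default route on wan2 with a worse distance, and a link-monitor that pulls the primary route when the probe fails.

```text
# Constructed example: two default routes, primary preferred by lower distance.
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1      # placeholder: ISP-A gateway
        set distance 10
    next
    edit 2
        set device "wan2"
        set gateway 198.51.100.1     # placeholder: ISP-B gateway
        set distance 20              # higher distance = backup
    next
end

# Probe the primary circuit; on failure, withdraw route 1 so route 2 takes over.
config system link-monitor
    edit "wan1-monitor"
        set srcintf "wan1"
        set server "192.0.2.10"      # placeholder: a stable host beyond ISP-A
        set gateway-ip 203.0.113.1   # placeholder: must match route 1's gateway
        set protocol ping
        set interval 500             # ms between probes
        set failtime 5               # consecutive failures before "down"
        set recoverytime 5           # consecutive successes before "up"
        set update-static-route enable
    next
end
```

Pick a probe target that is only reachable through the primary ISP and that will not rate-limit ICMP, otherwise the monitor can flap or fail over for reasons unrelated to the circuit; watch the "link-monitor" event log on the FGT to confirm the route actually switches during a test.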