Description This article describes how to configure BGP on Loopback with
SD-WAN to achieve correct BGP failover over the secondary tunnel in case
of failure. Scope FortiGate v7.0+. Solution How to configure BGP on
Loopback is not part of this article...
Description This article describes an example configuration for the
ADVPN scenario with BGP on Loopback. More details on advantages or
disadvantages can be found here: BGP on loopback. Scope FortiGate 7.0 or
higher. Solution The topology used in this...
Description This article will explain how FortiOS handles static route
with administrative distance 255. Scope FortiGate Solution From GUI and
CLI FortiOS will allow users to configure static route with
administrative distance 255. Lets demonstrate b...
Description This article describes the best practice for HUB in the
ADVPN scenario with multiple overlays. The focus will be on HUB because
ADVPN with SDWAN on HUB is not supported when this article is written.
It will be based on routing decisions o...
Description This article describes how to adjust interface’s subnet mask
in OSPF setup where interfaces involved in negotiation have different
subnet masks. Solution Interface subnet mask must be the same on both
interfaces that are negotiating OSPF ...
Hello, This depends on single thing. Are you using SNAT? And to what IP
address you are natting your traffic? If you have your own ip address
range that you are announcing to both ISPs, then it will work. But if
you are snating traffic to different I...
Hi, As Boris mentioned, first run debug flow where we will see exactly
which policy route and which route was selected. Then, for further
analysis we will need a bit more details about the config and routing.
get router info routing-table all diag fi...
Hello. List of questions: 1) Do you have static IP address or DHCP/PPPoE
on your ISP interfaces? 2) When you say ISP1 is down, do you mean that
ISP1 is not able to route traffic but physical connection is up,
correct? 3) How is your routing? Only sta...
Hi. Maybe I've missed something. But if you have default route via
port1, everything is working as expected. But if you remove default
route (port1) and keeps default via VPN and you add policy route (input
port2, output port1, ...) then it is not wo...
Hello, We don't have any document for best practice. From my experience,
default settings are usually good (except for some corner cases, for
example BGP, ether proto type, etc). If you want, you can check this
link. It is for old release, not suppor...