Description This article describes how to configure BGP on Loopback with
SD-WAN to achieve correct BGP failover over the secondary tunnel in case
of failure. Scope FortiGate v7.0+. Solution For configuration
information, visit the following KB articl...
Description This article describes an example configuration for the
ADVPN scenario with BGP on Loopback. More details on advantages or
disadvantages can be found here: BGP on loopback. Scope FortiGate v7.0
or higher. Solution The topology used in thi...
Description This article will explain how FortiOS handles static route
with administrative distance 255. Scope FortiGate Solution From GUI and
CLI FortiOS will allow users to configure static route with
administrative distance 255. Lets demonstrate b...
Description This article describes the best practice for HUB in the
ADVPN scenario with multiple overlays. The focus will be on HUB because
ADVPN with SDWAN on HUB is not supported when this article is written.
It will be based on routing decisions o...
Description This article describes how to adjust interface’s subnet mask
in OSPF setup where interfaces involved in negotiation have different
subnet masks. Solution Interface subnet mask must be the same on both
interfaces that are negotiating OSPF ...
Hi, True. For that are SDWAN zones. Recommended best practice is to
group interfaces with similar access rights, technology etc into same
zone - for example internet zone, VPN zone, etc. And then if you have
traffic for VPN zone only, firewall policy...
Hello, No, this SDWAN on FortiOS does not support. You can only use
standard blackhole routes but only if you are using update-static-route
enabled in health-checks (because of AD values). But this is not very
nice solution, much better at least in m...
Hello, This depends on single thing. Are you using SNAT? And to what IP
address you are natting your traffic? If you have your own ip address
range that you are announcing to both ISPs, then it will work. But if
you are snating traffic to different I...
Hi, As Boris mentioned, first run debug flow where we will see exactly
which policy route and which route was selected. Then, for further
analysis we will need a bit more details about the config and routing.
get router info routing-table all diag fi...
Hello. List of questions: 1) Do you have static IP address or DHCP/PPPoE
on your ISP interfaces? 2) When you say ISP1 is down, do you mean that
ISP1 is not able to route traffic but physical connection is up,
correct? 3) How is your routing? Only sta...