Hello Everyone,

I am looking into how to connect several sites to each other, who all have a primary broadband WAN connection and a 5G backup WAN connection, all with static IPs. Our current site-to-site connections are only configured to use one WAN connection on each end, so when the office broadband connection goes down on occasion, the office has internet access via the 5G but no VPN access because it is configured for the single interface. There seem to be multiple paths i could take here and none of them seem as simple as i thought they would be. 

Our network mainly consists of all Fortigate devices. F40s, 60Fs, a 61F, a 71F, and some 81Fs at our two data centers.

Approximately 15 of our sites, including our data centers, LANs are already connected to eachother via L3VPN managed by Windstream, connected to their SDWAN solution, VeloCloud, and routed to eachother via BGP.

The other 15 sites are not on any kind of managed SDWAN solution at this time. Each site has a primary broadband WAN connection, and a backup 5G connection. They are currently setup to connect to our data center via IPSEC site-to-site at our main data center, 81F-ColoPrimary. The problem we want to solve is when their primary broadband connection goes down, is to stay connected to our data centers.

Our goal is:

• Approximately 15 sites backup 5G ISP WAN connections be configured with both connections into an SDWAN zone, configured to fail over to the backup WAN if the primary connection is unusable
• This has been done on 40F-Test and 40F-Dover2 with a very basic config
• Configure them so they can connect to eachother and access eachothers internal LAN subnets through either WAN interface, through IPSEC tunnels or another means
• Utilize a routing protocol such as BGP so the sites can talk directly to eachother if feasible

So i found this tech tip article and started going through it on our test Fortigate-Test. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...