Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
littlefurball
New Contributor

Fortigate 200E deployment Site to Site VPN

Dears

 

I'm new and not so good with Firewall, please pardon me if i ask dumb question.

 

Our HQ and Branch are switching from Cisco to Fortigate Firewall. We are 7000 miles apart. Our current connection from HQ to Branch is via MPLS AT&T connection but due to $$$. We are considering Site to Site VPN option. Is it feasible?

 

Will there be bandwidth performance issue for site to site VPN? Is 50Mbps enough for site to site ? After connecting HQ to Branch with site to site IPSEC VPN config, can my branch office still access the internet locally?

For overseas users, that wants to connect to branch office via remote IPSEC or SSL vpn connection. Is it still configurable with site to site in placed? For our current IPSEC cisco remote VPN connection configuration, once the users are connected via IPSEC VPN, they have no internet connectivity. They have to use proxy in internet options but is very slow. For Fortigate, can users get internet while connected on VPN (IPSEC) ? what are the options? What are the typical practical problems with Site to Site VPN ?

Thank you !

Your Sincerely

Littlefurball

 

3 REPLIES 3
Toshi_Esumi
Esteemed Contributor III

If it's really 7,000 miles apart over the ocean, a VPN is regularly the first option to consider due to the cost. Even with Cisco-cisco vpn, you can split the tunnel to let internet go local with a proper ACL. And any firewalls like FortiGate can handle the same.

VPN has some overhead but the biggest factor is encryption/decryption performance. Virtually all firewall manufacturers list IPsec throughput on their deatasheet. You should refer to those numbers. It's completely up to your applications/purposes of the site-to-site connection what kind of bandwidth you need.  

Toshi_Esumi
Esteemed Contributor III

Also many conversations exist in the forum about remote-access vpn + site-to-site VPN to let remote users to go across the site-to-site VPN.

littlefurball

ありがとうございます Toshi-san. Will check out the forum more about site to site and remote access vpn.

Labels
Top Kudoed Authors