Is FortGiate SDWAN support ADVPN in hub to spoke, spoke to sub-spoke deployment approach

ck8882 · ‎06-01-2023

Hi All

Is it fortigate support deploy hub to spoke and spoke to sub-spoke deployment approach? on top this diagram, is it feasible support with ADVPN deployment between sub-spoke? The connection Like below

HUB <--> Spoke <---> multiple other site sub-spoke (ADVPN between sub-spoke)

thanks

gfleming · ‎06-01-2023

Yes possible however you would be looking at a multi-hub / multi-region design. So the intermediate device would be considered a hub, not a spoke and would have connection/peering to the other hub and the spokes below it.

https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-sd-branch-architecture-for-mssps/435097/de...

Cheers,
Graham

ck8882 · ‎06-01-2023

Thanks for your information,

Could it be consider non standard fortinet practice design and possible won’t get fortinet support if there is issue happen since fortinet never verified the design whether is working?

Thanks

gfleming · ‎06-02-2023

As long as you configure your intermediate device as a Hub then you are all good. Just read those docs and understand the configuration for multi-hub/region deployment and go for it.

In your case it iwll look like this:

HUB1 <--> HUB2 <---> multiple other site spokes (ADVPN between HUBS and HUB2 and Spokes

Cheers,
Graham

Is FortGiate SDWAN support ADVPN in hub to spoke, spoke to sub-spoke deployment approach

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website