Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • SD-WAN Deployment for MSSPs

    Home FortiGate / FortiOS 6.4.0 SD-WAN Deployment for MSSPs
    6.4.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Verifying configuration

    Verifying configuration

    Verification steps are similar to those described in the previous chapter.

    Navigate to SD-WAN => Monitor and confirm that all the Edge devices report the health of all their SD-WAN Members, now including the overlay tunnels towards the Secondary Hub:

    Similarly, confirm that the Edge devices now establish IPSEC tunnels to both Hubs and also learn BGP routes from both of them:

    Finally, the following outputs are shown for reference, from one of the Edge devices in our example:

    Overlay:

    site1-1 # get ipsec tunnel list

    NAME REMOTE-GW PROXY-ID-SOURCE PROXY-ID-DESTINATION STATUS TIMEOUT H1_INET 100.64.1.1:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 1370 H2_INET 100.64.2.1:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 2965 H1_MPLS 172.16.1.5:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 991 H2_MPLS 172.16.2.5:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 2962

    Routing:

    site1-1 # get router info bgp summary

    VRF 0 BGP router identifier 10.0.1.1, local AS number 65001

    BGP table version is 5

    1 BGP AS-PATH entries

    0 BGP community entries

    Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

    10.201.1.1 4 65001 1949 1948 2 0 0 02:22:14 4

    10.201.2.1 4 65001 82 80 3 0 0 00:05:43 3

    10.202.1.1 4 65001 2032 2030 1 0 0 02:28:39 4

    10.202.2.1 4 65001 84 80 4 0 0 00:05:42 3

    Total number of neighbors 4

    site1-1 # get router info routing-table bgp

    Routing table for VRF=0

    B 10.0.2.0/24 [200/0] via 10.201.1.3, H1_INET, 00:05:42 [200/0] via 10.202.1.3, H1_MPLS, 00:05:42 [200/0] via 10.201.2.2, H2_INET, 00:05:42 [200/0] via 10.201.1.3, H1_INET, 00:05:42 [200/0] via 10.202.1.3, H1_MPLS, 00:05:42 [200/0] via 10.201.2.2, H2_INET, 00:05:42

    B 10.1.0.0/24 [200/0] via 10.201.1.1, H1_INET, 02:22:16 [200/0] via 10.202.1.1, H1_MPLS, 02:22:16

    B 10.2.0.0/24 [200/0] via 10.201.2.1, H2_INET, 00:05:44 [200/0] via 10.202.2.1, H2_MPLS, 00:05:44

    SD-WAN:

    site1-1 # diagnose sys sdwan health-check

    Health Check(HUB):

    Seq(2 H1_INET): state(alive), packet-loss(0.000%) latency(2.011), jitter(0.285) sla_map=0x1

    Seq(3 H1_MPLS): state(alive), packet-loss(0.000%) latency(1.460), jitter(0.388) sla_map=0x1

    Seq(4 H2_INET): state(alive), packet-loss(0.000%) latency(1.798), jitter(0.221) sla_map=0x1

    Seq(5 H2_MPLS): state(alive), packet-loss(0.000%) latency(1.414), jitter(0.340) sla_map=0x1

    Health Check(Internet):

    Seq(1 port1): state(alive), packet-loss(0.000%) latency(12.951), jitter(1.766) sla_map=0x1

    Seq(3 H1_MPLS): state(alive), packet-loss(0.000%) latency(13.619), jitter(1.384) sla_map=0x1

    Seq(5 H2_MPLS): state(alive), packet-loss(0.000%) latency(14.344), jitter(1.669) sla_map=0x1

    Previous
    Next

    Verifying configuration

    Verifying configuration

    Verification steps are similar to those described in the previous chapter.

    Navigate to SD-WAN => Monitor and confirm that all the Edge devices report the health of all their SD-WAN Members, now including the overlay tunnels towards the Secondary Hub:

    Similarly, confirm that the Edge devices now establish IPSEC tunnels to both Hubs and also learn BGP routes from both of them:

    Finally, the following outputs are shown for reference, from one of the Edge devices in our example:

    Overlay:

    site1-1 # get ipsec tunnel list

    NAME REMOTE-GW PROXY-ID-SOURCE PROXY-ID-DESTINATION STATUS TIMEOUT H1_INET 100.64.1.1:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 1370 H2_INET 100.64.2.1:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 2965 H1_MPLS 172.16.1.5:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 991 H2_MPLS 172.16.2.5:0 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0 up 2962

    Routing:

    site1-1 # get router info bgp summary

    VRF 0 BGP router identifier 10.0.1.1, local AS number 65001

    BGP table version is 5

    1 BGP AS-PATH entries

    0 BGP community entries

    Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

    10.201.1.1 4 65001 1949 1948 2 0 0 02:22:14 4

    10.201.2.1 4 65001 82 80 3 0 0 00:05:43 3

    10.202.1.1 4 65001 2032 2030 1 0 0 02:28:39 4

    10.202.2.1 4 65001 84 80 4 0 0 00:05:42 3

    Total number of neighbors 4

    site1-1 # get router info routing-table bgp

    Routing table for VRF=0

    B 10.0.2.0/24 [200/0] via 10.201.1.3, H1_INET, 00:05:42 [200/0] via 10.202.1.3, H1_MPLS, 00:05:42 [200/0] via 10.201.2.2, H2_INET, 00:05:42 [200/0] via 10.201.1.3, H1_INET, 00:05:42 [200/0] via 10.202.1.3, H1_MPLS, 00:05:42 [200/0] via 10.201.2.2, H2_INET, 00:05:42

    B 10.1.0.0/24 [200/0] via 10.201.1.1, H1_INET, 02:22:16 [200/0] via 10.202.1.1, H1_MPLS, 02:22:16

    B 10.2.0.0/24 [200/0] via 10.201.2.1, H2_INET, 00:05:44 [200/0] via 10.202.2.1, H2_MPLS, 00:05:44

    SD-WAN:

    site1-1 # diagnose sys sdwan health-check

    Health Check(HUB):

    Seq(2 H1_INET): state(alive), packet-loss(0.000%) latency(2.011), jitter(0.285) sla_map=0x1

    Seq(3 H1_MPLS): state(alive), packet-loss(0.000%) latency(1.460), jitter(0.388) sla_map=0x1

    Seq(4 H2_INET): state(alive), packet-loss(0.000%) latency(1.798), jitter(0.221) sla_map=0x1

    Seq(5 H2_MPLS): state(alive), packet-loss(0.000%) latency(1.414), jitter(0.340) sla_map=0x1

    Health Check(Internet):

    Seq(1 port1): state(alive), packet-loss(0.000%) latency(12.951), jitter(1.766) sla_map=0x1

    Seq(3 H1_MPLS): state(alive), packet-loss(0.000%) latency(13.619), jitter(1.384) sla_map=0x1

    Seq(5 H2_MPLS): state(alive), packet-loss(0.000%) latency(14.344), jitter(1.669) sla_map=0x1

    Previous
    Next