
SD-WAN with ADVPN - single hub


Note

You can use this section with FortiManager 6.4.1 and later, which supports normalized interfaces and zones.

This section explains the Fortinet secure SD-WAN configuration. Its main objective is to detail how to configure SD-WAN for the following use cases:

  • ADVPN
  • SD-WAN

In our example, we have a FortiGate at the Datacenter (FGT-DC6), another FortiGate at Branch 1 (FGT-6), and one more FortiGate at Branch 2 (FGT-7). All the FortiGates have two links:

  • INET: To simulate a connection from the branch to the datacenter
  • MPLS: To simulate a backup connection from the branch to the datacenter

From both branch FortiGates, you will create the IPsec tunnels OL_INET (over port2) and OL_MPLS (over port3) to the datacenter FortiGate.

The configuration in this example uses the following interfaces and IP addresses:

| FortiGate | INET | MPLS | LAN | OL_INET | OL_MPLS |
|---|---|---|---|---|---|
| Datacenter (FGT-DC6) | port2: 172.20.10.5/24, Default Gateway: 172.20.10.254 | port3: 172.20.9.5/24, Default Gateway: 172.20.9.254 | port10: 10.200.1.6/24 | 10.254.50.1 | 10.254.51.1 |
| Branch 1 (FGT-6) | port2: 172.20.11.6/24, Default Gateway: 172.20.11.254 | port3: 172.20.12.6/24, Default Gateway: 172.20.12.254 | port10: 10.100.6.1/24 | 10.254.50.2 | 10.254.51.2 |
| Branch 2 (FGT-7) | port2: 172.20.11.7/24, Default Gateway: 172.20.11.254 | port3: 172.20.12.7/24, Default Gateway: 172.20.12.254 | port10: 10.100.7.1/24 | 10.254.50.3 | 10.254.51.3 |
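
The addressing plan above can be sanity-checked before it is pushed to the devices, since both branches share the same underlay subnets and the overlays depend on unique tunnel IPs. The following Python is an added example, not part of the original Fortinet documentation; `PLAN`, `check_plan` and the /24 overlay mask are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Addressing plan transcribed from the table on this page.
# Assumption: overlay tunnel IPs use a /24 mask (the page gives no mask).
OVERLAY_PREFIX = 24
PLAN = {
    "FGT-DC6": {"INET": ("172.20.10.5/24", "172.20.10.254"),
                "MPLS": ("172.20.9.5/24", "172.20.9.254"),
                "LAN": "10.200.1.6/24", "OL_INET": "10.254.50.1", "OL_MPLS": "10.254.51.1"},
    "FGT-6": {"INET": ("172.20.11.6/24", "172.20.11.254"),
              "MPLS": ("172.20.12.6/24", "172.20.12.254"),
              "LAN": "10.100.6.1/24", "OL_INET": "10.254.50.2", "OL_MPLS": "10.254.51.2"},
    "FGT-7": {"INET": ("172.20.11.7/24", "172.20.11.254"),
              "MPLS": ("172.20.12.7/24", "172.20.12.254"),
              "LAN": "10.100.7.1/24", "OL_INET": "10.254.50.3", "OL_MPLS": "10.254.51.3"},
}

def check_plan(plan, overlay_prefix=OVERLAY_PREFIX):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, lans, seen_ips = [], {}, {}
    overlays = {"OL_INET": {}, "OL_MPLS": {}}
    for dev, cfg in plan.items():
        for link in ("INET", "MPLS"):
            iface = ipaddress.ip_interface(cfg[link][0])
            gw = ipaddress.ip_address(cfg[link][1])
            # The default gateway must be a different host on the same subnet.
            if gw not in iface.network or gw == iface.ip:
                problems.append(f"{dev} {link}: bad gateway {gw} for {iface}")
            # Branches share underlay subnets, so a copied address collides.
            if iface.ip in seen_ips:
                problems.append(f"{dev} {link}: {iface.ip} also on {seen_ips[iface.ip]}")
            seen_ips[iface.ip] = dev
        lans[dev] = ipaddress.ip_interface(cfg["LAN"]).network
        for name in overlays:
            overlays[name][dev] = ipaddress.ip_address(cfg[name])
    # LANs are reached across the overlay, so they must not overlap.
    for (a, net_a), (b, net_b) in combinations(lans.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"LAN overlap: {a} {net_a} and {b} {net_b}")
    # Each overlay needs unique tunnel IPs inside one network.
    for name, addrs in overlays.items():
        nets = {ipaddress.ip_network(f"{ip}/{overlay_prefix}", strict=False)
                for ip in addrs.values()}
        if len(nets) != 1:
            problems.append(f"{name}: tunnel IPs span {len(nets)} networks")
        if len(set(addrs.values())) != len(addrs):
            problems.append(f"{name}: duplicate tunnel IP")
    return problems
```

Calling `check_plan(PLAN)` on the table as published returns an empty list.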

This section describes the following steps to configure an SD-WAN with ADVPN for a single hub deployment:

  1. Adding FortiGate devices to FortiManager.
  2. Configuring overlay connections.
  3. Configuring dynamic routing.
  4. Configuring SD-WAN.
  5. Using Intelligent Application Steering and Link Fail-over.
