SD-WAN with ADVPN - single hub
You can use this section with FortiManager 6.4.1. and later that supports normalized interfaces and zones. |
This section provides an understanding of the Fortinet secure SD-WAN configuration. The main objective of this section is to provide details on how to configure SD-WAN to cover the following use cases:
- ADVPN
- SD-WAN
In our example, we have a FortiGate at the Datacenter (FGT-DC6), another FortiGate at Branch 1 (FGT-6), and one more FortiGate at Branch 2 (FGT-7). All the FortGates have two links:
- INET: To simulate a connection from the branch to the datacenter
- MPLS: To simulate a backup connection from the branch to the datacenter
From both the branch FortiGates you will create IPsec tunnels OL_INET (over port2) and OL_MPLS (over port3) to the datacenter FortiGate.
The configuration in this example uses the following interfaces and IP addresses:
FortiGate |
INET |
MPLS |
LAN |
OL_INET |
OL_MPLS |
---|---|---|---|---|---|
Datacenter (FGT-DC6) |
port2: 172.20.10.5 /24
Default Gateway: 172.20.10.254 |
port3: 172.20.9.5 /24
Default Gateway: 172.20.9.254 |
port10: 10.200.1.6/24 |
10.254.50.1 |
10.254.51.1 |
Branch 1 (FGT-6) |
port2: 172.20.11.6/24
Default Gateway: 172.20.11.254 |
port3: 172.20.12.6 /24
Default Gateway: 172.20.12.254 |
port10: 10.100.6.1/24 |
10.254.50.2 |
10.254.51.2 |
Branch 2 (FGT-7) |
port2: 172.20.11.7/24
Default Gateway: 172.20.11.254 |
port3: 172.20.12.7 /24
Default Gateway: 172.20.12.254 |
port10: 10.100.7.1/24 |
10.254.50.3 |
10.254.51.3 |
This section describes the following steps to configure a SD-WAN with ADVPN for a single hub deployment: