SD-WAN /Load Balancing/Link Failure/Dual ISP Configuration in Fortigate Firewall [7.x.x]
- Added 2. 08. 2024
- How to configure SD-WAN
How to configure 2 ISP SD WAN for Load balancing
Testing link failure with 2 ISP links using SD-WAN policy
Network Topology: techtalksecurity.blogspot.com...
KB: docs.fortinet.com/document/fo...
Note: The LB algorithm can only be configured for the implicit SD-WAN rule via CLI and GUI (not possible with a custom user-defined rule in version 7.0.0)
- Science and technology
Very nice content. Thanks for sharing
Clear explanation, thank You.
Thank you very much for the video
Nice one. Thanks.
Thank You
You are the mentor... great learning video. Have you published any video on guest Wi-Fi captive portal also? If not, make one using an external captive portal.
Thank you !!! I can cover the captive portal in my future tutorials.
Thank you
Hi TechTalkSecurity, 3 quick questions about testing your SLA.
If you ping Google every 500ms (twice a second), can that generate a warning from Google (or other destination) as abuse, as that's thousands of pings per hour from one IP? Read that anything over 1 ping every 18 seconds may flag you as a robot and will then ignore your pings (on a consumer account).
Also, will the ping every half second affect the general network? Yes, I know it's small but maybe the constant traffic would affect something?
Lastly, can the performance monitoring (latency, jitter, etc.) be used on the Fortigate without SD-WAN? Just using a basic internet connection (i.e. a simple home circuit)?
1) Most of the clients use 8.8.8.8 and have not reported any issues so far. It may be possible that Google may start flagging any of this activity as automated. But I have not heard anything like this yet.
2) There is no significant impact on the firewall performance while processing the data traffic. There are times when you will have to tune it to avoid any issues. Sometimes the data traffic may also cause these monitoring pings to get delayed or dropped, as ICMPs are less prioritised compared to TCP/UDP on most firewalls.
3) Yes, we can configure link monitoring using latency, delay, jitter etc. for non-SD-WAN functionality.
Will you please suggest how you make load balance WAN to LAN?
LAN to WAN everyone knows.
Example: client connecting to internal resource remotely.
If ISP 1 fails it should reach directly to ISP 2 by domain name ...
Means external to internal failover.
What was the other feature which was supposed to be on related to SDWAN?
Thank you, sir. How about if there is a dedicated NAT pool on each ISP? How would you set it up?
You can set those pools for the NAT.
How did you rename Port 1 and Port 2?
Hello,
Thanks for the amazing video. I have a question, I have created VPNs on ISP 1 and also created VLANs. Will it affect them after creating SD WAN? Do I need to create them again or they will work as they are working now?
Thanks
You need to add all the interfaces in question to the proper SD-WAN member group, so that the policy can apply to the member resources.
I am looking for FortiGate training; are you also providing online training?
I do not as of now. But soon I will have the online bootcamp options available.
Hi, I don't have available the ISP1-WAN1 and ISP2-WAN2 in drop down menu SD-WAN member interface (v.7.0.8)
It might be because of the interface references in the configuration. Please delete the config and add the interfaces as members.
When adding the SDWAN ZONE, from where are you getting the gateway details?
Same as upstream ISP. SDWAN routes require no gateway.
How did you change PuTTY colour?
PuTTY settings.
How will the IP address for ISP1 be a 192 network? Please explain.
ISP1 is connected to the upstream internet modem.