Fortinet SD-WAN with IPSec VPN


SD-WAN with IPSec VPN combines the two technologies to securely connect remote locations over the WAN. SD-WAN optimizes network traffic and allows for centralized management, while IPSec VPN encrypts the data and secures communication over the WAN.



Network Topology

Here’s the topology for this deployment




Site to Site IPSec VPN Configuration

The Site to Site IPSec VPNs are already configured; the configuration can be seen in detail here

Site 1


Site 2




Configuring SD-WAN on Site 1

On the FortiGate at Site 1, create a new SD-WAN Zone



Then add the VPN 1 interface as a member of the SD-WAN Zone



Do the same for VPN 2 interface



Here’s the SD-WAN configuration we end up with



Next, create a Firewall Policy to allow traffic going out to the SD-WAN interface



And another Policy to allow traffic coming in



Lastly, add a route to go out using the SD-WAN interface
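
The GUI steps above for Site 1 map to the following FortiOS CLI, shown as an added example rather than configuration taken from the original post. It assumes FortiOS 7.0 or later; the zone name, the tunnel interface names `VPN1` and `VPN2`, the LAN interface `port2`, the address objects and the 10.2.0.0/24 remote subnet are placeholders, and the address objects must already exist.

```fortios
# Added example: every name and subnet below is a placeholder, not from the post.
# SD-WAN zone with both IPSec tunnel interfaces as members
config system sdwan
    set status enable
    config zone
        edit "SDWAN-VPN"
        next
    end
    config members
        edit 1
            set interface "VPN1"
            set zone "SDWAN-VPN"
        next
        edit 2
            set interface "VPN2"
            set zone "SDWAN-VPN"
        next
    end
end

# Outbound and inbound policies, scoped to the two LAN address objects
config firewall policy
    edit 0
        set name "LAN-to-SDWAN"
        set srcintf "port2"
        set dstintf "SDWAN-VPN"
        set srcaddr "Site1-LAN"
        set dstaddr "Site2-LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 0
        set name "SDWAN-to-LAN"
        set srcintf "SDWAN-VPN"
        set dstintf "port2"
        set srcaddr "Site2-LAN"
        set dstaddr "Site1-LAN"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# Static route to the remote LAN through the SD-WAN zone
config router static
    edit 0
        set dst 10.2.0.0 255.255.255.0
        set sdwan-zone "SDWAN-VPN"
    next
end
```

FortiOS refuses to add an interface as an SD-WAN member while existing firewall policies or static routes still reference it, so any references to the tunnel interfaces left over from the site-to-site setup have to be removed first.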




Configuring SD-WAN on Site 2

For site 2, the configuration is exactly the same but mirrored




Validating SD-WAN Configuration

Now both VPNs within the SD-WAN Zone should be up and running



And we’re able to ping from local subnet 1 to local subnet 2



Ping also works the other way around



Now let’s try shutting down the WAN connection for VPN1



SD-WAN will intelligently route the traffic to the up and running VPN 2



This post is licensed under CC BY 4.0 by the author.