Now that everything is hunky-dorey, you can view the SD-WAN statistics by going to Network, SD-WAN and SD-WAN usage. You can now re-enable any security policies that you pointed at other interfaces from the start. To ensure things are working properly, enable Log Allowed Trafic for All Sessions. Make sure to enable NAT and apply any necessary security profiles. Set the Incoming Interface to physical interface your using for your LAN and set the Outgoing Interface to the SD-WAN interface that you created. Head to Policy & Objects and the IPv4 and click "Create new policy". Step 5: Configuring all local traffic to get routed to the SD-WAN interface Quick tip: It's generally recommended not to use a DNS server (like Google's 8.8.8.8) to ping as they rate-limit ICMP requests and that can cause a false failover. To do so, click on the Network and then Edit SD-WAN Status Check and configure it to ping a remote host.
Your users or CTO will never suspect a thing. If either of the WAN links drops a certain # of ICMP requests, then the Fortigate will revert all traffic to the working WAN link seamlessly. To ensure that WAN failover occurs properly, you will have to setup a health check that pings a remote host for connectivity. The weight is a percentage that equals 100, so you can decide how much traffic is right for your network to traverse each link. You are then able to change the weight metric to alter how much traffic you want going over each WAN link. Go to Load Balance Algorithm and select the Volume Tab. Step 3: Enabling the Load Balancing Algorithm Make sure to add the two WAN interfaces so that they're listed below the SD-WAN status. Set the Interface State to "Enable" (it will be colored green). Head to the configuration page and click on Network and then SD-WAN. Step 1: Physical hookupĬonnect each respective ISP to either one of the WAN links on the back of the Fortigate 60D labelled WAN1 and WAN2. Quick tip: if you have any security policies established that reference WAN1 and/or WAN2, you'll want to redirect those policies to unused ports so as not to delete them. Traffic will not be able to reach WAN1 or WAN2 through the FortiGate after you delete the existing policies." So, in this scenario, you must delete any security policies that use either WAN1 or WAN2, such as the default Internet access policy. "You will not be able to add any interface to the SD-WAN interface that is already used in the FortiGate's configuration.
In order to perform the following steps, you must be in possession of a FortiGate 60D with an active subscriptions to Fortinet's signature database. The Fortinet Fortigate 60D has two WAN links specifically for this purpose.
Although you could argue that you'd want hardware as well as SP (Service Provider) redundancy, this setup will get you 80% of the way there. In environments where you want to guarantee the highest uptime, you'll want to have two separate ISPs to ensure that your network never faces any downtime.
0 kommentar(er)
