Scribd
Upload
38 views4 pages

SD-WAN Setup on FortiGate 121G

Uploaded by

José Yorki Rodríguez Rodríguez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
38 views4 pages

SD-WAN Setup on FortiGate 121G

Uploaded by

José Yorki Rodríguez Rodríguez
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

SD-WAN in Fortigate 121G by ChatGPT

To configure SD-WAN on a FortiGate 121G with two default routes, you need to follow these
steps. This process includes adding interfaces to the SD-WAN zone, creating performance SLAs,
and setting up SD-WAN rules to manage traffic based on performance and failover criteria.

Step 1: Initial Setup and Interface Configuration

1. Log in to the FortiGate GUI.


2. Ensure interfaces are correctly configured for the WAN connections.

Step 2: Configure SD-WAN Zone

1. Go to: Network > SD-WAN.


2. Click on: Create New or Edit the existing SD-WAN zone.
3. Add Interfaces: Add the two WAN interfaces (e.g., wan1 and wan2) to the SD-WAN
zone.

Example Configuration:

 Interface: wan1
o Gateway: Enter the gateway IP for wan1.
o Cost: Set an appropriate cost.
o Priority: Set priority (e.g., 1 for primary).
o Status: Enabled.
 Interface: wan2
o Gateway: Enter the gateway IP for wan2.
o Cost: Set an appropriate cost.
o Priority: Set priority (e.g., 2 for secondary).
o Status: Enabled.

Step 3: Create Performance SLAs

1. Go to: Network > SD-WAN.


2. Click on: Performance SLAs.
3. Create New to define the performance metrics for monitoring.

Example SLA Configuration:

 Name: Primary_Link_Monitor
 Members: Select wan1.
 Check Interface: Select wan1.
 Protocol: Select Ping.
 Server: Enter a reliable external IP (e.g., 8.8.8.8).
 Interval: Set to 5 seconds.
 Fail Count: Set to 5.
 Recovery Count: Set to 5.
 Update Static Route: Enabled.

Step 4: Configure Static Routes

1. Go to: Network > Static Routes.


2. Create New to add the default routes.

Example Static Routes:

 Default Route for Primary Interface:


o Destination: 0.0.0.0/0
o Gateway: IP of wan1 gateway (e.g., 192.168.1.1).
o Interface: wan1
o Distance: 10
o Priority: 0
 Default Route for Secondary Interface:
o Destination: 0.0.0.0/0
o Gateway: IP of wan2 gateway (e.g., 192.168.2.1).
o Interface: wan2
o Distance: 20
o Priority: 0

Step 5: Configure SD-WAN Rules

1. Go to: Network > SD-WAN.


2. Click on: SD-WAN Rules.
3. Create New to define the SD-WAN rule for traffic management.

Example SD-WAN Rule Configuration:

 Name: Internet Access


 Interfaces: Select both wan1 and wan2.
 Service: Select ALL.
 Source: Select all.
 Destination: Select all.
 SLA: Select Primary_Link_Monitor.
 Strategy: Select Lowest Cost (SLA).
 Status: Enabled.

Step 6: Verify Configuration

1. Go to: Network > SD-WAN.


2. Verify: Check the status and performance of the SD-WAN interfaces.
3. Test Failover: Disconnect wan1 to ensure traffic switches to wan2.
4. Reconnect wan1: Ensure traffic switches back to wan1 once it is up.

CLI Commands

If you prefer using the CLI, here are the commands for each step:

Adding Interfaces to SD-WAN Zone

plaintext
Copy code
config system sdwan
config members
edit 1
set interface "wan1"
set gateway <wan1_gateway_ip>
set priority 1
next
edit 2
set interface "wan2"
set gateway <wan2_gateway_ip>
set priority 2
next
end
end

Creating Performance SLA

plaintext
Copy code
config system sdwan
config service
edit 1
set name "Primary_Link_Monitor"
set sla-failover enable
set health-check "ping"
set server "8.8.8.8"
set interval 5
set failtime 5
set recoverytime 5
set members "wan1"
next
end
end

Adding Static Routes

plaintext
Copy code
config router static
edit 1
set dst 0.0.0.0/0
set gateway <wan1_gateway_ip>
set device "wan1"
set distance 10
next
edit 2
set dst 0.0.0.0/0
set gateway <wan2_gateway_ip>
set device "wan2"
set distance 20
next
end

Configuring SD-WAN Rules

plaintext
Copy code
config system sdwan
config service
edit 1
set name "Internet Access"
set mode "load-balance"
set src "all"
set dst "all"
set service "ALL"
set priority "1"
set health-check "Primary_Link_Monitor"
next
end
end

By following these steps, you can configure SD-WAN on your FortiGate 121G to manage two
default routes effectively, providing load balancing and failover capabilities. If you have any
specific questions or need further assistance, feel free to ask!

You might also like