SD-WAN /Load Balancing/Link Failure/Dual ISP Configuration in Fortigate Firewall [7.x.x]
ฝัง
- เผยแพร่เมื่อ 29 ม.ค. 2022
- How to configure SD-WAN
How to configure 2 ISP SD WAN for Load balancing
Testing link failure with 2 ISP links using SD-WAN policy
Network Topology: techtalksecurity.blogspot.com...
KB: docs.fortinet.com/document/fo...
Note: * LB algorithm can only be configured for the implicit SD-WAN rule via CLI and GUI (not possible with custom user defined rule with the version 7.0.0) - วิทยาศาสตร์และเทคโนโลยี
![[Live] : ONE 167 วันนี้!! "ตะวันฉาย vs โจ"](http://i.ytimg.com/vi/D9_dvfIa6Ao/mqdefault.jpg)
Very nice content. Thanks for sharing
Clear explanation, thank You.
Thank you very much for the video
Nice one. Thanks.
You are the mentor.. great learning video. Have u have published any video on guest wifi captive portal also? If not make one with using external captive portal.
Thank you !!! I can cover the captive portal in my future tutorials.
Hi TechTalkSecurity, 3 quick questions about testing your SLA.
If you ping Google every 500ms (twice a second), can that generate a warning from Google (or other destination) as abuse as that's thousand of pings per hour from one IP. Read that anything over 1 ping every 18 seconds may flag you as a robot and will then ignore your pings (on a consumer account)
Also, will the ping every half second affect the general network? Yes, I know it's small but maybe the constant traffic would affect something?
Lastly, can the performance monitoring (latency, jitter, etc.) be used on the Fortigate without SD-WAN? Just using a basic internet connection (i.e. a simple home circuit)?
1) Most of the clients uses 8.8.8.8 and have not reported any issues so far. It may be possible that google may start flagging any of these activity as automated. But I have not heard anything like this yet.
2) There is no significant impact on the firewall performance while procession the data traffic. There are times when you will have to tune it to avoid any issues. Some times the data traffic may alos cause these monitoring ping to get delayed or dropped as ICMPs are less prioritised as compare to TCP/UDP on most of the firewall
3) Yes we can configure link monitoring using latency, delay , jitter etc. for non SD-WAN functionality.
Thank You
thank you sir. How about if there is a dedicated NAT pool on each of ISP. How would you set it up?
You can set those pool for the NAT
Hello,
Thanks for the amazing video. I have a question, I have created VPNs on ISP 1 and also created VLANs. Will it affect them after creating SD WAN? Do I need to create them again or they will work as they are working now?
Thanks
You need to add all the interface in question to the proper SD WAN member group. So that the policy can apply to the member resources
Thank you
Hi, I don't have available the ISP1-WAN1 and ISP2-WAN2 in drop down menu SD-WAN member interface (v.7.0.8)
It might be because of the interface references in the configuration. Please delete the config and add the interfaces as members.
I am looking for fortigate training, are you also providing online training.
I do not as of now. But soon will have the online bootcamp options available
how ip add for isp1 - will be 192 network, please explain?
isp1 connected to upstream internet modem
How did you change putty colour??
Putty settings