Category: Networking

I was recently involved in a project to roll out FortiGate SDWAN on what sounded like an almost text book scenario: two Hubs and two Branches. Obviously, I won’t post the client’s configs in this post but I will attach some configs from a lab that I created to generate configurations and test generally. (Please review with caution. I did a lot of tweaking and […]

If you were a Big Friendly Giant and wanted fast BGP convergence,you might well investigate BFD. (OK, now I have justified my alliteration we can move on) In the previous post, we had a resilient BGP topology which I will remind us of here: When the FG1 Fortigate was shutdown it took BGP between two and three minutes to re-route traffic through FG2. Popular wisdom […]

Last week I attended an event at Fortinet’s offices in London which are on the 26th floor of a building in the City. With a view like this you’d be forgiven for spending a lot of time looking out of the window Today, I’d like to tinker with BGP on Fortigates. (I have to declare an interest I got a couple of pens, a nice […]

Picking up from the previous post, we now are going to test the resilience of our Hub and Spoke SD-WAN topology using the tests described in the Fortigate design reference guide below: https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-self-healing-with-bgp/559415/overview The following diagram is from the above post’s ‘Testing and Verification section’ which I’m essentially following (though I’m using port1 and port2 not port2 and port3). Having cited my source and given […]

UPDATE: I couldn’t get this working without the frig detailed below. However, there’s probably still some value in this post. (Translation: I’m too lazy to do a similar one) but I did get hold of some evaluation licenses and set up topology the detalied in the link below using FortiOS 7.2.5 – and it worked fine. https://docs.fortinet.com/document/fortimanager/7.2.0/single-datacenter-for-enterprise/503190I If you’re deploying an SD-WAN topology of any […]

I’ve been looking at SD-WAN recently and labbed up a simple implementation to test this using GNS3. This is the setup: The southern cloud to the left allows management access to the Fortigate and the cloud next to it is a connection to a VMWare Workstation Linux box. The clouds north of the Fortigate are both GNS3 Nat clouds out to the Internet. It occurs […]