FortiWAN Tunnel Routing – Benchmark

The settings for the headquarters:

Set the field Local Host ID as “HQ”.

Local Host ID: HQ
Tunnel Group
Group Name   Remote Host ID   Algorithm     Tunnel Local IP   Tunnel Remote IP   Weight
HQ-Branch1   Branch1          Round-Robin   3.3.3.3           1.1.1.1            1
HQ-Branch2   Branch2          Round-Robin   3.3.3.3           2.2.2.2            1

Routing Rules
Source                      Destination                 Service   Group        Fail-Over
192.168.1.0/255.255.255.0   192.168.2.0/255.255.255.0   Any       HQ-Branch2   No-Action
192.168.2.0/255.255.255.0   192.168.1.0/255.255.255.0   Any       HQ-Branch1   No-Action

The settings for Branch 1:

Set the field Local Host ID as “Branch1”.

Local Host ID: Branch1

Tunnel Group
Group Name   Remote Host ID   Algorithm     Tunnel Local IP   Tunnel Remote IP   Weight
Branch1-HQ   HQ               Round-Robin   1.1.1.1           3.3.3.3            1

Routing Rules
Source                      Destination                 Service   Group        Fail-Over
192.168.1.0/255.255.255.0   192.168.2.0/255.255.255.0   Any       Branch1-HQ   No-Action

The settings for Branch 2:

Set the field Local Host ID as “Branch2”.

Local Host ID: Branch2

Tunnel Group
Group Name   Remote Host ID   Algorithm     Tunnel Local IP   Tunnel Remote IP   Weight
Branch2-HQ   HQ               Round-Robin   2.2.2.2           3.3.3.3            1

Routing Rules
Source                      Destination                 Service   Group        Fail-Over
192.168.2.0/255.255.255.0   192.168.1.0/255.255.255.0   Any       Branch2-HQ   No-Action
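
Each tunnel in the tables above has to appear on both units with Local IP and Remote IP swapped, and every routing rule has to name a tunnel group defined on the same unit. The following Python check is an added example, not part of the FortiWAN guide; the dictionary layout is a hypothetical model of the Web UI tables (Algorithm, Weight, Service and Fail-Over are omitted), filled with the values from this page.

```python
# Added example: cross-check the three sites' Tunnel Routing tables.
# The dict layout is a hypothetical model of the Web UI tables, not a FortiWAN format.
import ipaddress

NET1, NET2 = "192.168.1.0/255.255.255.0", "192.168.2.0/255.255.255.0"
SITES = {  # Local Host ID -> groups {name: (Remote Host ID, [(Local IP, Remote IP)])}, rules
    "HQ": {
        "groups": {
            "HQ-Branch1": ("Branch1", [("3.3.3.3", "1.1.1.1")]),
            "HQ-Branch2": ("Branch2", [("3.3.3.3", "2.2.2.2")]),
        },
        "rules": [(NET1, NET2, "HQ-Branch2"), (NET2, NET1, "HQ-Branch1")],
    },
    "Branch1": {
        "groups": {"Branch1-HQ": ("HQ", [("1.1.1.1", "3.3.3.3")])},
        "rules": [(NET1, NET2, "Branch1-HQ")],
    },
    "Branch2": {
        "groups": {"Branch2-HQ": ("HQ", [("2.2.2.2", "3.3.3.3")])},
        "rules": [(NET2, NET1, "Branch2-HQ")],
    },
}


def check(sites):
    """Return a list of inconsistencies; an empty list means the tables agree."""
    problems = []
    for host, cfg in sites.items():
        for group, (peer, tunnels) in cfg["groups"].items():
            if peer not in sites:
                problems.append(f"{host}/{group}: unknown Remote Host ID {peer}")
                continue
            # Tunnels the peer defines towards this host, with Local IP and
            # Remote IP swapped so they can be compared with this host's view.
            mirrored = {(r, l) for p, ts in sites[peer]["groups"].values()
                        if p == host for l, r in ts}
            for local, remote in tunnels:
                if (local, remote) not in mirrored:
                    problems.append(f"{host}/{group}: {local}->{remote} has no mirror on {peer}")
        for src, dst, group in cfg["rules"]:
            if group not in cfg["groups"]:
                problems.append(f"{host}: rule uses undefined group {group}")
            for net in (src, dst):
                try:
                    ipaddress.ip_network(net)  # rejects bad masks and set host bits
                except ValueError:
                    problems.append(f"{host}: invalid subnet {net}")
    return problems
```

Calling `check(SITES)` returns an empty list for the configuration on this page; a mistyped endpoint on one unit is reported once for each end of the affected tunnel.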

Example 4: Central Routing of Tunnel Routing

A company operates two branch offices overseas. An intranet is established across the three locations, but Branch 1 does not have any public link to the Internet and uses tunnel routing to reach the Internet via the WAN at the headquarters. Branch 2 uses a public WAN link for Internet access. In the event of a WAN link failure, the tunnel between Branch 2 and the headquarters will be the backup line for the Internet connection.

Summary of the Network

        Headquarters   Branch 1         Branch 2
WAN 1   No             1.1.1.1          No
WAN 2   No             No               2.2.2.2
WAN 3   3.3.3.3        No               No
WAN 4   4.4.4.4        No               No
WAN 5   No             No               5.5.5.5
LAN     No             192.168.1.0/24   192.168.2.0/24

The settings for the headquarters:

Set the field Local Host ID as “HQ”.

Local Host ID: HQ

Tunnel Group
Group Name   Remote Host ID   Algorithm     Tunnel Local IP   Tunnel Remote IP   Weight
HQ-Branch1   Branch1          Round-Robin   3.3.3.3           1.1.1.1            1
HQ-Branch2   Branch2          Round-Robin   3.3.3.3           2.2.2.2            1
About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
