Topic Thread

Next Generation Firewall (NGFW)

 View Only
Expand all | Collapse all

SDWAN and internet breakout

  • 1.  SDWAN and internet breakout

    Posted 08-06-2019 07:45
    I have two direct internet connections provisioned for a branch site. I have configured the SDWAN using IPSEC tunnels to link the branch back to the HQ. Currently all internet traffic is routed via HQ over the SDWAN interface.

    Is it possible to allow local internet breakout without adding additional links? And where is this configured? I can't find this scenario in the cookbook.


  • 2.  RE: SDWAN and internet breakout

    Posted 08-06-2019 14:52
    Hi Sean,

    Like with anything else on the FortiGate there are various ways to accomplish this.
    However, if you want the local breakout traffic to leverage the SD-WAN controller, I suggest adding the parent physical interfaces of those two IPSEC tunnels (for example WAN1 & WAN2) as SD-WAN members. Next, create Performance SLAs to reachable targets on the Internet with these two interfaces as participating members. Finally, create explicit SD-WAN rules with those two interfaces as part of the rule. Hope this helps.

  • 3.  RE: SDWAN and internet breakout

    Posted 08-07-2019 00:50
    Thanks Peter, I think that makes sense. I will give it a go.