SDWAN and internet breakout

  • 1.  SDWAN and internet breakout

    Posted 19 days ago
    I have two direct internet connections provisioned for a branch site. I have configured the SDWAN using IPSEC tunnels to link the branch back to the HQ. Currently all internet traffic is routed via HQ over the SDWAN interface.

    Is it possible to allow local internet breakout without adding additional links? And where is this configured? I can't find this scenario in the cookbook.

    Cheers


  • 2.  RE: SDWAN and internet breakout

    Posted 18 days ago
    Hi Sean,

    Like with anything else on the FortiGate there are various ways to accomplish this.
    However, if you want the local breakout traffic to leverage the SD-WAN controller, I suggest adding the parent physical interfaces of those two IPSEC tunnels (for example WAN1 & WAN2) as SD-WAN members. Next, create Performance SLAs to reachable targets on the Internet with these two interfaces as participating members. Finally, create explicit SD-WAN rules with those two interfaces as part of the rule. Hope this helps.
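
The three steps in the reply above, written out as FortiOS CLI. This is an added example, not part of the original reply. It assumes FortiOS 6.4 or later syntax and that SD-WAN member IDs 1 and 2 already hold the two IPsec tunnels. The zone name, rule and SLA names, the `Branch_LAN` address object, the gateways and the probe target are constructed placeholders, and the `#` lines are annotations to drop before pasting.

```fortios
# Assumptions: FortiOS 6.4+ syntax; member IDs 1-2 already hold the two IPsec tunnels.
config system sdwan
    config zone
        edit "underlay"
        next
    end
    config members
        edit 3
            set interface "wan1"
            set zone "underlay"
            set gateway 198.51.100.1
        next
        edit 4
            set interface "wan2"
            set zone "underlay"
            set gateway 203.0.113.1
        next
    end
    # Performance SLA probing an Internet target through both underlay members
    config health-check
        edit "Internet_SLA"
            set server "192.0.2.53"
            set protocol ping
            set members 3 4
            config sla
                edit 1
                    set latency-threshold 150
                    set packetloss-threshold 2
                next
            end
        next
    end
    # Explicit rule: Internet-bound LAN traffic uses wan1/wan2 while they meet the SLA
    config service
        edit 10
            set name "Local_Breakout"
            set mode sla
            set src "Branch_LAN"
            set dst "all"
            config sla
                edit "Internet_SLA"
                    set id 1
                next
            end
            set priority-members 3 4
        next
    end
end
```

An SD-WAN rule only selects the egress member: traffic still needs a firewall policy from the LAN to the zone holding wan1 and wan2, and because it no longer transits HQ, any inspection HQ applied has to be applied in that branch policy. Rules are evaluated top-down, so rules for HQ-bound traffic over the tunnels belong above this one.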


  • 3.  RE: SDWAN and internet breakout

    Posted 18 days ago
    Thanks Peter, I think that makes sense. I will give it a go.