SD-WAN Configuration for Internet Failover With Two Connections | WAN1 & WAN2 | FortiGate 80D
Рет қаралды 48,648
3 жыл бұрынHi, in this video I show you why and how I configured SD-WAN on my FortiGate 80D firewall to use two internet connections.
Blog Article: kbtrainings.com/sd-wan-config...
Check out my CCNA course: kbtrainings.com/c/ccna-200-30...
KBTrainings is an online training platform created to share my knowledge in the IT.
In a world where technologies are radically changing the way we live and future economies, KBTrainings has set itself the goal of popularizing IT concepts and allowing many to start or boost their careers in IT.
The contents range from basic notions and introductions to advanced concepts for engineers. We will cover the following areas: applications, networking and security, web design & development, programming and automation.
In computer networks and security we will focus on Cisco, which is a benchmark in the industry, helping you to get Cisco CCNA and CCNP certificates. These certificates are highly respected in the industry and are a very practical way to prove your knowledge and start or advance your career.
Visit KBTrainings at: www.kbtrainings.com
Follow us on the following platforms:
KZfaq: / kbtrainings
Facebook: / kbtrainings
Instagram: / kbtrainings
Twitter: / kbtrainings
@Dakerino-fz3rk 3 жыл бұрын
Bro, your way of explaining and the way your videos are shot, i dont even see them in channels with 1M subscribers. people are sleeping on you. i hope you get the recognition you deserve. Keep going my brother
@KBTrainings 3 жыл бұрын
Thank you bro! I appreciate it!
@GeorgeG472 2 жыл бұрын
Right! Very professional!
@VucciManeLaFlare 2 жыл бұрын
Keep working bro. It feels good to see a another black man that is knowledgeable and skilled in the craft of computer networking. Looking forward to future content 💪🏾💪🏾🔥🔥
@KBTrainings 2 жыл бұрын
Glad to read this bro! I appreciate it. More to come!
@NetworkBruh 3 жыл бұрын
Man this is an awesome video Guy!!! Backup connection for your home internet connection. And you video quality is top notch man. I need to step my game up lol
@KBTrainings 3 жыл бұрын
Thank you brother! 😀
@868_4_Life 2 жыл бұрын
Been in IT for a while. Currently going for my NSE4 certification but I needed to figure out how to do this NOW. Your presentation is crisp, on point and well researched. Thumbs up and SUBSCRIBED. Keep going Brother. Take it to the next!!!!
@KBTrainings 2 жыл бұрын
Glad to read this! 🙏 Thank you and All the best to you too!
@chrissampson2017 Жыл бұрын
Love your content! Very helpful explanations
@tafsirdiallo Жыл бұрын
Very clear explanation, in french too! Merci monsieur. Subscribed!
@KBTrainings Жыл бұрын
Thank you sir!
@2cool4-FS 2 жыл бұрын
Top video, simple and easy explanation .. Great job bru.
@idowunmadabuchukwu9500 2 жыл бұрын
Your video is amazing and awesome. Keep up the great job.
@xander_9812 2 жыл бұрын
Very informative. Thanks a ton!
@jorgevilla7751 Жыл бұрын
Great video!Thanks
@concept_la Жыл бұрын
Excellent information, thank you.
@insightsmundoafora Жыл бұрын
Hi mate, how I didn't know your channel before. I missed I lot of very good contents. Thanks for sharing and now I'm subscribed.
@KBTrainings Жыл бұрын
Thanks for the sub! I appreciate it and welcome to the fam!
@starplatinum47 6 ай бұрын
amazing work!
@DonaldsonClan Жыл бұрын
Excellent tutorial.
@discgolfamateur2175 Жыл бұрын
Useful, nice and clear.
@saifemran4528 3 жыл бұрын
Thank you, great video!
@KBTrainings 3 жыл бұрын
You're welcome!
@audreympp9305 3 жыл бұрын
Well explained, and very helpful video
@KBTrainings 3 жыл бұрын
Glad you liked it. Thank you!
@abealasto9043 2 жыл бұрын
You are just awesome bro!
@KBTrainings 2 жыл бұрын
Thank you so much 😀
@digiground7613 3 жыл бұрын
Bonne vidéo Guy. helpfull
@KBTrainings 3 жыл бұрын
Good to know! Merci!
@Janik2370 2 жыл бұрын
Good work broda 👍🏼
@KBTrainings 2 жыл бұрын
Thank you for the support 🙏
@MulomboPatient 3 жыл бұрын
Hi big bro, thanks!!! 💪
@KBTrainings 3 жыл бұрын
Thank you for watching.
@gumby7212 2 жыл бұрын
I would like to say how fantastic this video is and how clear your explanations are. I did this and pulled WAN1 with no real downtime. The question I do have is that when WAN1 comes back online, I'm not switching back automatically. What have I missed?
@KBTrainings 2 жыл бұрын
Glad to know you like the contents. I think that might have to do with priority or preference. Make sure that WAN has a higher priority and lower cost compared to WAN2 per the SD WAN rules. docs.fortinet.com/document/fortigate/6.4.1/administration-guide/342836/sd-wan-rules-lowest-cost-sla
@spankybighead7135 Жыл бұрын
With the Fortinet you have to select a primary and secondary if going "manual". Not manual in the sense of you manually switching it at the CLI but there is a "Manual"- Manually assign outgoing interfaces option for SD-WAN rules. Make sure you have WAN 1 and WAN 2 added to the Interface preference. Whichever one you prefer is the one that will be selected first. Then select the back second. When you save you will see the priority with a check. If you primary service fails but is restored it will fail back to the primary.
@hariprasad-uw2yn 2 жыл бұрын
Brother Hope you will get 100K soon.
@KBTrainings 2 жыл бұрын
Thanks bro 🙏🙂
@chinhpham7392 2 жыл бұрын
Videos are very helpful. Let me ask more. Fortinet 60D and 50E, about how many internet access devices can these 2 types bear?
@himora3804 10 ай бұрын
Excellent video! 1 question for a beginner, the router's for each wan has to be in bridge mode?
@gustavogomez89 Жыл бұрын
Hi! great video!! What version of FortiOS are you running on your fortigate 80D, I have a Fortigate90D and I need to do exactly the same configuration on my network. Thanks in advance. Bye!
@ajibolayusuf2057 2 жыл бұрын
Great video again! Love your videos bro! Do you have videos for FortiManager and FortiAnalyzer?
@KBTrainings 2 жыл бұрын
Thank you Ajibola. No videos on the FortiManager yet.
@Sabs761010 5 ай бұрын
@KBTrainings , hi, do you have some videos about to add VPN client to site and site to site with failover feature in Cisco?
@davidcameron927 2 жыл бұрын
Thanks for the video, it was very informative. One question for you though. How does traffic flow to the internet when there is no Gateway set for either WAN? Thanks for your help in understanding!
@KBTrainings 2 жыл бұрын
I'll need to double-check for WAN2... But because WAN1 is a PPPoE (Point to Point), the egress interface is all we need because there is only one device on the other end.
@eddyshieh 2 жыл бұрын
Like your video
@KBTrainings 2 жыл бұрын
Thanks Ed!
@letsworktogether-qq4jv Ай бұрын
what did you use to design the diagram in the video
@user-fd8mt9pf3i 11 ай бұрын
what program did yo use for your documentation drawing?
@gonfreeccss Жыл бұрын
is the WAN load balancing limited up to 2 ISP?
@joellemorris5684 2 жыл бұрын
Thanks for the video! Can you say that your WAN1 and WAN2 are bonded together (in opposition load balancing) or could we set up WAN1 and WAN2 to be bond together with the Fortinet 80D?
@spankybighead7135 Жыл бұрын
I asked the same when selecting the FortiGate. I think the answer is still no. Its load balancing tcp or udp session for session.
@cliffordiwobi3728 2 жыл бұрын
Very good video. Great and simple explanation of how the Fortigate SD-WAN works, though what's not clear to me is the reason why you have created one performance sla rule per connection instead of creating a single performance sla rule checking on both ISP. Is there a specific reason for that?
@2cool4-FS 2 жыл бұрын
I presume he did that because he is using different thresh holds to monitor the 2 WAN connections.
@idrisapatira172 2 жыл бұрын
Nice video, very clear and precise but pls one question, how do I have the secondary link mapped to my Public DNS? and how will devices natted to my primary also be linked to my secondary link. I hope this is clear.
@KBTrainings 2 жыл бұрын
Hi Idris, If you update your DNS manually, you can link it to the secondary link without any problem. But if you use an agent on the device for DDNS, make sure the configurations point to the secondary link. About NAT, I don't think there is a way to change the NAT translation tables... Not sure if I get the question... 😀
@amitsangwan7896 2 жыл бұрын
i have two ISP and i configured SD-WAN on my fortigate 50E. i have SAP server at my Corporate office. now what i want is my SAP works on ISP 1 and rest internet activity will use ISP2.
@FabricioCarvalho Жыл бұрын
just a hint: If you have to use IP pool, you should consider to specify the associated nic to the ip: config firewall ippool edit "snat1-ippool-name" set associated-interface wan1 end then associate with your policy
@Nsadheo Жыл бұрын
Why would the traffic drop when unplugged WAN2 when SD-WAN rule "PreferCenturyLink" only has WAN(WAN) as a member?
@josephjefferson6368 3 ай бұрын
Are these configurations done in conjunction through a conventional ISP or are you paying through a cloud provider? Can SD WAN only be done through the cloud?
@poladrianbinas2156 2 жыл бұрын
Sir my 2 isp have different gateway how should i address, this since i try leaving it like in your video but it displays "empty values is not allowed" error.
@gastonhitw720 8 ай бұрын
hi do i need to have a licensed fortigate in order to do this? let's say i can buy in facebook marketplace a fortigate device, a d model for example, and it's registered to a company or a person, i know you could contact fortigate to ask them to register your device to your name if the previous owner helps you, but even like that the device will be unlicensed and hardware limited, will sd-wan work anyways?
@joaquimtchipa4428 Жыл бұрын
Guy Congratulations for the Video, it was super. Look Guy, I have a concern. I have two internet links, Link 1 and Link 2. But I would like to make sure that, if one of the links goes down, the other link should takes over AUTOMATICALLY (source ip). I don't mean balancing or failover. I am referring to the physical link of one of the providers, in case one is off ou goes down, the other must take over automatically. Could you please help on that particular issue please? Thanks
@estebangomez1823 2 жыл бұрын
What if you instead of disconnected WAN2, disconnected WAN1, would have moved all the traffic to WAN2? and if so, how ?
@johnnyfernandez994 2 жыл бұрын
Hello! Question, do we need license for using SD WAN on Fortigate?
@KBTrainings 2 жыл бұрын
Hello, No license needed for SD WAN
@jackmauleon 2 жыл бұрын
May i ask How many seconds in real time does it failover when you disconnect WAN 2? 16:40 mark of your video.. 3 to 4 DHU and one RTO there right?
@KBTrainings 2 жыл бұрын
I just tried the failover again to have an answer for you. I launched 100 pings from the FortiGate and timed how long it takes. It is literally instantaneous both directions, I only notice the change in the TTL.
@jackmauleon 2 жыл бұрын
@@KBTrainings thank you so much for your reply. I really appreciate your testing. So if the ping came from the fortigate itself, its instant and split second.. what if the ping came from one computer from the LAN? Is it the same? I just want to make sure before I buy FG 60F model..
@walterloco Жыл бұрын
If there is a loss in WAN 1 and your on a video call or audio call over internet would you loose the call while the switch over occurs even if its 3-4 milliseconds? Basically I am looking for a good solution to not lose voice if there is a cut on either WAN.
@KBTrainings Жыл бұрын
You may loose a few packets but that is fine still. Voice is real-time, so the people on the phone can repeat.
@walterloco Жыл бұрын
@@KBTrainings so your thought is that there will not be loss of voice at all if there is a hard cut on WAN 1 when it fails over to WAN 2?
@RonEnderland 3 ай бұрын
Dumb question. When sessions switch from one WAN to another, do their externally visible IP addresses change?
@KBTrainings 3 ай бұрын
Yes, their external IP will change. To avoid this, you can set an IP-Pool and route via dynamic peer.
@aaronvelasco8792 Жыл бұрын
can you please help me to this configuration to my 100d... willing to pay
@buttsaabgreat 2 жыл бұрын
is performance sla compulsory while configuring sd-wan
@KBTrainings 2 жыл бұрын
For businesses the SLA is usually defined with your ISP in advance. But as a regular residential subscriber, I am estimating.
@buttsaabgreat 2 жыл бұрын
@@KBTrainings so it's mean without configuration of sla sdwan can work fine?
@tlxreed Жыл бұрын
This is interesting. I've been watching failover Internet videos for awhile. In a small business sense, once you failover to the 2nd WAN connection, your Internet facing IP is different, perhaps a dynamic IP. Any inbound connections or DNS routing now fails unless the traffic is virtualized in some way, perhaps DDNS or Zerotier. I haven't got that one figured out yet. The failover scenario seems relatively straightforward, it's the switchover to a new network range the the routing of cloud services that is the tough nut to crack.
@spankybighead7135 Жыл бұрын
At first guess...BGP is the right way to go but most small business cannot qualify for a full /24 range nor do they want to use BGP. But assigned ARIN segment advertised via BGP would do the trick. For my situation without BGP I just give them both PAT's but letting them know the connection would break if one of my ISP's goes down temporarily.
@zarifaminnnen 2 жыл бұрын
static route configuration for what?
@KBTrainings 2 жыл бұрын
Because it works. You can also try without it.
@zarifaminnnen 2 жыл бұрын
@@KBTrainings tq
@saudarellano5659 2 жыл бұрын
Is it possible to use SDwan to VPN?
@KBTrainings 2 жыл бұрын
Yes, Check this out: community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-FortiGate-SD-WAN-with-an-IPSEC-VPN/ta-p/190756?externalID=FD41297
@danysaifuddin Жыл бұрын
How to configure it on bridge?
@KBTrainings Жыл бұрын
FortiGate documentation can help: docs.fortinet.com/product/fortigate/7.4
@lowellguzman7249 Жыл бұрын
So you're paying for two separate Internet services?
@KBTrainings Жыл бұрын
Yes, that is correct sir.
@lowellguzman7249 Жыл бұрын
@@KBTrainings Thanks for replying. Got another question...could you tell me how to move the configuration from a 60D to a 60F? Is there much to it? Do you have a video on how to do that? This is for an upgrade of the devices at an office from a 60D to a 60F.
KBTrainings
Рет қаралды 13 М.
KBTrainings
Рет қаралды 138 М.
QAZSPORT TV / ҚАЗСПОРТ TV
Рет қаралды 4,5 МЛН
NetworkChuck
Рет қаралды 546 М.
KBTrainings
Рет қаралды 36 М.
KBTrainings
Рет қаралды 14 М.
KBTrainings
Рет қаралды 200 М.