
Fortinet SD-WAN

Updated: May 25, 2020

Considering the weather was really terrible I had time to lab this up. Also, I get time to watch "Ip Man" movies with my son :).


I wanted to do a post on Fortinet SDWAN. Got the lab going fairly quickly once I received the licenses from Fortinet.


You can test out many of the basic functions without a license. While I was waiting for licenses for FortiManager, FortiAnalyzer and three virtual FortiGates (all KVM), I was able to test many of the networking functions, e.g. basic SDWAN and routing (BGP, OSPF and yes, ISIS). Licenses also remove CPU restrictions on VMs. Note that the licenses required internet access for validation.

I reached out to the local Fortinet account manager and systems engineer for licensing.


My goal is to test these technologies in a virtual lab, in addition to other technologies I support and like working with. Another objective was to understand controller-based vs. controller-less SDWAN services and vendors.


I would consider Cisco controller-based and Fortinet controller-less.

Cisco has its orchestration service, available cloud-based, on a public cloud server or on premises. Fortinet has the FortiManager (FortiCloud, public cloud and on premises) and, in addition, OCVPN, which I could not test in my lab and which I would consider an orchestration tool. Unlike Cisco, the control-plane functions are on box, hence controller-less, at least from my point of view. Comments always welcome.


Below is the lab diagram, configs and EVE-NG Pro lab. Feel free to spin up and see if you get similar results.


In my next blog, I would like to go into more of a deep dive on controller-based vs. controller-less.


Thanks for reading.


LAB:

(3) FortiGate VM (KVM) version 6.4.0

(1) FortiManager VM (KVM) version 6.4.0

(1) FortiAnalyzer VM (KVM) version 6.4.0

(3) vIOS Switches (vios_l2-adventerprisek9-m.vmdk.SSA.152-4.0.55.E)

(2) vIOS Routers (vios-adventerprisek9-m.vmdk.SPA.156-2.T)

(1) eve-gui-server (docker)

(3) Linux Servers (linux-ubuntu-server-18.04-pfne)

(2) External network access (1 for ostinato, 1 for internet router)


Download Lab and configs, import into your lab

Once I got all the routing set, I was able to play with the SDWAN settings and see how Fortinet handles things. I am using hub and spoke with BGP. Unlike controller-based solutions, the control-plane functions are local. Fortinet does have Overlay Controller VPN (OCVPN), which is more controller-based, but I have not played with it yet.


I took screenshots of the lab, including iperf for testing the dual VPN functionality of the Fortinet SDWAN and how traffic was using both links.





©2022 by klineonline.tech
