SD-WAN | Load Balancing configuration on FortiGate Firewall with Failover Test [PART 1]

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hi friends thank you for joining me on this video today we will talk about SD van how it is implemented on body gate firewall and the behavior of this even when it is implemented on body gate file so let's get started so here is my firewall let me just show you the interfaces so this is my interface 1 port 1 1 1 and this is my code 3 value so I cannot have 2 ISPs because I just have 1 SP so I will demonstrate what will happen if one SP is going down with respect to the SD van so if you go here 100 steam van you will see this where you have to enable the feature add the member I'm going to add two and one first [Music] you okay I have defined two members for this particular LC van van one van - on both one and four three typical hair performance SLA you have to create an SLA instructing the device what to do when one thing goes down when you should fail over the links so I'm going to mean it has as the van and I'm going to use a pin to detect the reachability participants are 1 1 1 2 and then I don't want to enable this maybe in production in water and you can choose the latency jitter I'm going to use the packet loss that show so I will define here with there is still packet loss just failover from van 1 to 19 this is a static route update I believe for SD van all right I'm done with this okay so I have one key on the threshold last to packet loss for the failure criteria let's save this so now you can see my four three Internet is active [Music] small hair you will have to define what will you do good things even duck - is he is talking now so I'm going to put I'm going to treat for 300 because I don't have to ISPs buddy this is just lab and ramen so maybe if you want you can distribute the traffic based on volume say turkey 70 or 50/50 I can actually use the funny now you have to create a policy the source is going to be all I don't want to associate any user group this mission is going to be all protocol any best quality this should be selected properly so I want for tree to be my primary interface filling and then poured one to be the second way in [Music] you and I'm going to set the criteria for the failure this was a profile that I created or the failure so I'm associating that profile now as you can see I have a policy that defines the Estevan criteria if you see here for three is active so let me go back to the policy and create a new policy on the network you see as the van interface on the road you will find both on four three you let's define the static route pointing to sd1 you don't have to specify the gateway Plaza if you remember in the beginning of this video we defined the gateway of is p1 and is p2 while considering the s command members let's go back to the policy create a policy for - I have a machine which is connected to 42 outgoing interface will be a Steve Mann source is going to be off this is just for the demonstration purpose I'm going to do match with the outgoing interface you can call it as interface business and now then that traffic is on all three which is my land - you can see both the intervals are up now I will get back to my machine to check you can see here my IP is 192 168 to do 513 which is connected to the firewall interface to five you so you can see I'm able to leave thank you you you so you can see here the source initiating the traffic you let me show you the map let's make sure that we are hitting the copper interface if you see here the outgoing packet is taking 160 103 is a interphase IP so which clearly says that things are going out we are my secondary ISP which is this so now we'll go back to my machine you now if you see here I have shared my internet for being that eight we met zero okay this is the interface on the firewall which will be able to see as one - let me just quickly show you you this is my interface via NFC Oh like know how internet connectivity so I'm going to stop that where for the device to send the traffic want to Liam it forked after eight which is this one so now you see you will be able to see this this is just a internal error where my DHCP is not being labeled on this particular machine if I diagnose this the system must fix this issue alright let's see so now you should be able to see the traffic flowing properly okay now come back to firewall you will be able to see the firewall automatically changing the link from one to two and one

Info

Channel: TechTalkSecurity

Views: 23,855

Rating: undefined out of 5

Keywords: sd, wan, SD-WAN, SD, WAN, fortigate, configure, configuration, implement, implementation, testing, demo, lab, 5.6, 6.0.1, 6.0.2, 6.0.3, 5.6.4, 5.6.6, tutorial, complete, live, traffic, software, defined, optimisation, optimization, web, GUI, CLI, from, scratch, demonstrate, failover, ISP, dual, internet, link, Fortinet, fortinet

Id: pdqkn-x5ZIE

Channel Id: undefined

Length: 14min 23sec (863 seconds)

Published: Sun Jan 27 2019