Ask AI: What is the best way to set up a new Fortigate SDWAN network with backup internet and connectivity between sites?

Setting up a new Fortigate SD-WAN network with backup internet and connectivity between sites involves a series of steps that take into consideration the network architecture and specific business needs. Here's an outline of how to set up an efficient, reliable, and secure Fortigate SD-WAN network: 1. Network assessment: a. Analyze the business requirements, locations of the sites, WAN connectivity options, and redundancy needs. b. Determine the number of necessary Fortigate devices, the type of internet connections, and relevant bandwidth. 2. Select appropriate hardware: a. Choose appropriate Fortigate appliances based on the number of users, network requirements, and feature set. b. Evaluate other network devices that may be necessary, such as routers, switches, or wireless access points. 3. Plan and design the SD-WAN architecture: a. Create a network topology sketch detailing how all sites will be interconnected. b. Plan where the SD-WAN controllers (e.g., FortiManager and FortiAnalyzer) will be deployed, if necessary. c. Define branch office connectivity: you can choose between Hub and Spoke, Partial Mesh or Full Mesh topologies based on your requirements. 4. Configure Primary and Backup internet connectivity at each site: a. Set up dual WAN connections on the Fortigate device at each site. b. Configure primary and backup VLANs, IP addresses, and gateways. c. Use link health monitoring features like link monitoring or ping probes to detect ISP outages and automatically switch to the backup link. d. Configure load balancing and failover options as required, such as policy-based routing or Equal-cost multi-path (ECMP). 5. Enable the SD-WAN features at the Fortigate devices: a. Enable the SD-WAN option in the Fortigate devices. b. Add member interfaces (i.e., primary and backup internet links) to the SD-WAN interface. c. Create health check policies to monitor the quality of the WAN links and take appropriate actions when issues are detected. d. Configure load balancing and prioritization policies. 6. Establish secure connectivity between sites: a. Set up site-to-site VPN connections (IPsec or SSL) between the Fortigate devices at each site. b. Create appropriate routing policies and firewall rules to allow traffic between sites. c. Leverage SD-WAN capabilities like Forward Error Correction (FEC), Quality of Service (QoS), and Traffic Shaping to optimize application performance across the VPN connections. 7. Monitoring and management: a. Configure logging and reporting on each Fortigate device for visibility into network usage and performance. b. Use FortiManager and FortiAnalyzer to centrally manage and monitor all Fortigate devices. c. Establish routine maintenance plans to ensure Fortigate devices are up-to-date with the latest features, bug fixes, and security patches. 8. Implement security features on the Fortigate SD-WAN network: a. Enable features like intrusion prevention system (IPS), antivirus, application control, and web filtering. b. Create security policies for traffic flow between sites and internet destinations. c. Implement two-factor authentication (2FA) for remote administration access. By following these steps, you can set up a reliable, secure, and efficient Fortigate SD-WAN network to support backup internet and inter-site connectivity. The implementation may vary depending on the complexity of the network, but this guide should provide a good starting point for most cases.