
This previous article provides an overview of the FortiGate SD-WAN solution. This article will focus on the nuts and bolts of the actual configuration used to establish SD-WAN between two FortiGates. In addition to that, it will conclude with a video showing this topology with/without SD-WAN so you can see its true potential. There is an assumption that the reader of this article has an NSE 4 (or higher) understanding of the FortiGate platform.

The topology in this article is very simple, as it establishes connectivity directly between two sites protected by FortiGates. It is not indicative of typical enterprise deployments; however, it is simple enough to demonstrate the capabilities of SD-WAN between two FortiGates. To simulate a network-sensitive application, video will be streamed between two hosts. One host will be the client and the other will be the server of the video. There will be a mechanism within the topology to simulate unfavorable network conditions while the streaming occurs.

There are a small number of components that make up this topology. The Windows clients will be running VLC media player in order to simulate the client and server functions for video streaming. They will have a simple configuration with no firewalls enabled and their default gateway pointing to their corresponding FortiGates. The FortiGates will have direct connectivity to each other with no routes in between.

They will have established network connectivity and an overlay IPSec network that rides on top. SD-WAN will be configured on both FortiGates to perform intelligent path routing on the video streaming traffic. The FortiGates will be connected through devices that emulate poor network conditions to demonstrate the functionality of SD-WAN. The WANBridge is an open source, non-maintained project that allows for emulation of poor network conditions by modifying the bandwidth, packet loss and latency of network traffic flowing through the device. This device functions as a bridge and is inserted as a transparent “bump in the wire” between two network devices. This means no explicit routing changes are necessary in order to add the capability of emulating poor network conditions.

Now that the components have been identified, the configuration of these components can be completed to simulate a network environment. This section will mostly focus on the configuration of the FortiGate related devices. However, non-FortiGate devices will have a brief overview of their configuration in relation to this environment. The FortiGate is the most important piece of this environment, as it will be providing the SD-WAN functionality within the topology. There is an assumption that the basic network connectivity has been configured according to the diagram referenced at the beginning of this post.
