How to configure ADVPN-SD-WAN with BGP protocol

 


1. Configure FortiGate Access to Internet

2. Configure LAN Management for VLAN

3. Create Zone for Management

5-Configure VLAN Access to Internet

6-Configure ADVPN with SD-WAN

7-Set IP Address on VPN Tunnel

8-Allow HQ Access to Branch

10-Allow Branch Access to HQ

11-Allow Branch Access to Branch in HQ

12-Configure BGP Routing Protocol

6-Configure ADVPN with SD-WAN in HQ

Create SD-WAN Zone

Go to Network > SD-WAN, click Create New, select SD-WAN Zone, and set a name.

 


Click Ok

After creating the zone, add members to the SD-WAN zone.

Click Create SD-WAN Member

Interface: select VPN

Then fill in the information for your lab.


Click Next, click Create, then click Close.

 


Now SD-WAN Zone has one member

 


Create one more member

Click Create SD-WAN Member

Interface: select VPN

Then fill in the information for your lab.

               Remote IP address: you can set any IP address, because this value is temporary; we change it on the VPN tunnel later.


Click Next, click Create, then click Close.

 


Now we have two members for advpn-sd-wan.


Customize VPN Tunnel isp1

         Go to VPN > IPsec Tunnels, choose the VPN by name, click Edit, and select Convert To Custom Tunnel.

 



Customize VPN Tunnel isp2

         Go to VPN > IPsec Tunnels, choose the VPN by name, click Edit, and select Convert To Custom Tunnel.








7-Set IP Address on VPN Tunnel isp1

To set an IP address on the VPN tunnel, go to Network > Interfaces, find interface isp1, and expand it; you will see the tunnel interface. Select it and click Edit.



Click OK

7-Set IP Address on VPN Tunnel isp2



8-Allow HQ Access to Branch

1-Allow hq-to-site-a


2-Allow hq-to-site-b


10-Allow Branch Access to HQ

1-Allow site-a-to-hq

2-Allow site-b-to-hq


11-Allow Branch Access to Branch in HQ

1-site-a-to-site-b


12-Configure BGP Routing Protocol isp1 in HQ

Go to Network > BGP.

 


- Neighbor Groups: click Create New

               Name: bgp-vpn1

               Remote AS: 65412

               Activate IPv4: turn on, select the options as shown in the image below, and click OK


12-Configure BGP Routing Protocol isp2 in HQ

               BGP for isp2 in HQ is configured the same way as for isp1; only the name of the group changes.


- Neighbor Ranges

               The neighbor ranges are the IP ranges of VPN tunnels isp1 and isp2.




- Networks: add the local network range of the HQ LAN


Click Apply

The VPN and BGP routing configuration on HQ is now finished.


Site-A branch

1. Configure FortiGate Access to Internet

2. Configure LAN Management for VLAN

3. Create Zone for Management

5-Configure VLAN Access to Internet

6-Configure ADVPN with SD-WAN

7-Set IP Address on VPN Tunnel

8-Allow HQ Access to Branch

10-Allow Branch Access to HQ

11-Allow Branch Access to Branch in HQ

12-Configure BGP Routing Protocol

6-Configure ADVPN with SD-WAN

Create SD-WAN Zone

Go to Network > SD-WAN, click Create New, select SD-WAN Zone, and set a name.

 


Click OK

After creating the zone, add members to the SD-WAN zone.

Click Create SD-WAN Member

Interface: select VPN

Then fill in the information for your lab.


Click Next, click Create, then click Close.

 


Now SD-WAN Zone has one member

 


Create one more member

Click Create SD-WAN Member

Interface: select VPN

Then fill in the information for your lab.

               Remote IP address: set the IP address of HQ isp2.

 


Click Next, click Create, then click Close.

 



Now we have two members for advpn-sd-wan.


7-Set IP Address on VPN Tunnel isp1

To set an IP address on the VPN tunnel, go to Network > Interfaces, find interface isp1, and expand it; you will see the tunnel interface. Select it and click Edit.



7-Set IP Address on VPN Tunnel isp2



- Customize VPN Tunnel isp1

         Go to VPN > IPsec Tunnels, choose the VPN by name, click Edit, and select Convert To Custom Tunnel.

 






- Customize VPN Tunnel isp2

         Go to VPN > IPsec Tunnels, choose the VPN by name, click Edit, and select Convert To Custom Tunnel.

 






10-Allow site-a Access to HQ in site-a

Go to Policy & Objects > Firewall Policy and click Create New.


10-Allow HQ Access to site-a in site-a


12-Configure BGP Routing Protocol in site-a


- Neighbors

Click Create New

               IP: 10.10.10.254 (the IP address of the HQ VPN)

               Remote AS: 65412 (same as HQ)

               Activate IPv4: on



- Neighbors

Click Create New

               IP: 20.20.20.254 (the IP address of the HQ VPN)

               Remote AS: 65412 (same as HQ)

               Activate IPv4: on


Result 


 

- Networks: the local LAN network of site-a


The configuration on site-a is done.
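The BGP settings from the HQ and site-a steps above, written as FortiOS CLI (an added example, not part of the original post). Assumptions: the HQ local AS is 65412 (inferred from "same as HQ"), the second group is named bgp-vpn2, each tunnel range is a /24 containing 10.10.10.254 or 20.20.20.254, route reflection is enabled on the hub so that branches learn each other's networks over iBGP, and the LAN prefixes in angle brackets are placeholders.

```fortios
# ---- HQ (hub): accepts dynamic iBGP peers from both ADVPN tunnel ranges ----
# route-reflector-client is an assumption: without it an iBGP hub does not
# pass one branch's routes on to another branch.
config router bgp
    set as 65412
    config neighbor-group
        edit "bgp-vpn1"
            set remote-as 65412
            set route-reflector-client enable
        next
        edit "bgp-vpn2"
            set remote-as 65412
            set route-reflector-client enable
        next
    end
    config neighbor-range
        edit 1
            set prefix 10.10.10.0 255.255.255.0
            set neighbor-group "bgp-vpn1"
        next
        edit 2
            set prefix 20.20.20.0 255.255.255.0
            set neighbor-group "bgp-vpn2"
        next
    end
    config network
        edit 1
            set prefix <HQ-LAN-NETWORK> <HQ-LAN-MASK>
        next
    end
end

# ---- site-a (branch): static neighbors are the two HQ tunnel addresses ----
config router bgp
    set as 65412
    config neighbor
        edit "10.10.10.254"
            set remote-as 65412
        next
        edit "20.20.20.254"
            set remote-as 65412
        next
    end
    config network
        edit 1
            set prefix <SITE-A-LAN-NETWORK> <SITE-A-LAN-MASK>
        next
    end
end
```

Once both sides are applied and the tunnels are up, `get router info bgp summary` on HQ should show one established peer per tunnel for each branch.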

 

Site-B branch

               Site-B is configured the same way as site-a; only values such as the IP addresses and names change.

1. Configure FortiGate Access to Internet

2. Configure LAN Management for VLAN

3. Create Zone for Management

5-Configure VLAN Access to Internet

6-Configure ADVPN with SD-WAN

7-Set IP Address on VPN Tunnel

8-Allow HQ Access to Branch

10-Allow Branch Access to HQ

11-Allow Branch Access to Branch in HQ

12-Configure BGP Routing Protocol


 

