FortiGate SD-WAN Lab
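Lab objective: keep WAN1 as the primary route and WAN2 as the backup route, with a configuration in which the Virtual Server on WAN2 remains reachable.
Add other uses for the newly added WAN2 without affecting any existing services or rules on WAN1.
For background reading, see FortiGate Policy Routes (PBR) Lab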
https://xrcd2.blogspot.com/2026/03/fortigate-policy-routes-pbr-lab.html
(1) Floating static route mode / active-standby mode
(abbreviated configuration)
config router static
    edit 1
        set gateway 110.100.100.30
        set priority 1
        set device "port2"
    next
    edit 2
        set gateway 220.100.100.30
        set priority 2
        set device "port3"
    next
end
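This is the simplest approach; it requires no accompanying Policy Routes (PBR) configuration.
(2) Software-defined WAN (SD-WAN) mode.
This requires major changes, but makes future operation and maintenance easier.
The SD-WAN migration and cutover test is shown below.
---> Rule migration fails (the rules are usable only after major manual rework)
(abbreviated configuration)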
config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port3"
            set gateway 220.100.100.30
        next
        edit 2
            set interface "port2"
            set gateway 110.100.100.30
        next
    end
    config health-check
        edit "WAN.1.GW"
            set server "110.100.100.30"
            set members 2
        next
        edit "WAN.2.GW"
            set server "220.100.100.30"
            set members 1
        next
    end
    config service
        edit 1
            set name "Prefer_WAN1"
            set mode priority
            set dst "all"
            set src "all"
            set health-check "WAN.1.GW"
            set priority-members 2 1
        next
    end
end
config router static
    edit 1
        set distance 1
        set sdwan-zone "virtual-wan-link"
    next
end
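Once port2 and port3 are SD-WAN members, firewall policies reference the zone (virtual-wan-link) rather than the member ports, so every policy bound to those ports has to be rewritten by hand. The following added example (not part of the original lab) lists the affected policies from a saved configuration before the cutover. The function name, the sample policies and the ports port1 and port4 are constructed for illustration.

```python
import re

# Constructed sample in "show firewall policy" layout; not from the lab device.
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set name "LAN-to-WAN1"
        set srcintf "port1"
        set dstintf "port2"
    next
    edit 2
        set name "WAN2-VIP-in"
        set srcintf "port3"
        set dstintf "port1"
    next
    edit 3
        set name "LAN-to-DMZ"
        set srcintf "port1"
        set dstintf "port4"
    next
end
"""

def policies_needing_rework(config_text, sdwan_members):
    """List (policy id, name, field, interface) for policies bound to a member port."""
    members, names, hits, depth, pid = set(sdwan_members), {}, [], 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:  # outside the policy table: wait for its header
            depth = 1 if line == "config firewall policy" else 0
            continue
        if line.startswith("config "):  # nested sub-table inside a policy
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            pid = int(line.split()[1])
        elif depth == 1 and line.startswith("set name "):
            names[pid] = line[len("set name "):].strip('"')
        elif depth == 1:
            m = re.match(r"set (srcintf|dstintf) (.+)", line)
            for intf in re.findall(r'"([^"]+)"', m.group(2)) if m else []:
                if intf in members:
                    hits.append((pid, m.group(1), intf))
    return [(p, names.get(p, ""), field, intf) for p, field, intf in hits]

if __name__ == "__main__":
    for hit in policies_needing_rework(SAMPLE_CONFIG, ["port2", "port3"]):
        print("policy %d (%s): %s references %s" % hit)
```

Each reported policy is one whose srcintf or dstintf must change to the SD-WAN zone; inbound Virtual Server rules such as the WAN2 one show up as srcintf hits.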
