Considerations when introducing Fortinet Fortigate into a MX dominated WAN.

sfalloon


A client wants to leverage previously purchased equipment (Fortigate). A branch is to come online and the current plan is to use the existing FortiGate as the WAN edge device which will link to HO and possibly the other branches. Are there any preliminary considerations I should look into for such a deployment?

1 Accepted Solution
cmr
Kind of a big deal

Are you looking to use the Fortigate as the edge of one spoke, the edge of a DC, or as a hub?

  1. spoke - create a site-to-site VPN to the MX in the main site; should be okay as long as you don't need access to/from the other sites etc. due to routing issues.
  2. edge of a DC - if there is an MX as a concentrator there and it is just an internet edge, then this should be fine.
  3. hub - just don't even think about it; you lose all the benefits of AutoVPN/SD-WAN.

So, unless you are following 2, or can accept the limitations of 1, it isn't the best idea.


4 Replies

Great, thanks @cmr, those points are exactly the concerns I have. At the moment the hub is the MX; the FortiGate would take on the role of spoke in the testing phase.

When considering the site-to-site VPN configuration, how do I tell the local networks on the Meraki to utilize the VPN link to connect to the non-Meraki local networks/resources?
cmr
Kind of a big deal

I'm pretty sure that you cannot advertise non-Meraki VPN networks to Meraki VPN peers using the same MX. You need two, and to use static routes. If you simply mean LANs on the MX, as long as their DG is the MX then they should find the non-Meraki VPN subnets.
