Dual-role SDWAN connectivity and security (Next-Generation Firewall) Network Virtual Appliances can be deployed in the Virtual WAN hub. These virtual appliances can be used to inspect all North-South, East-West, and Internet-bound traffic.
Azure Virtual WAN (vWAN) comes into play when you go cross-region or multi-region and need dynamic routing across regions. Each of these FortiGates sits as a virtual machine inside an Azure VM scale set, behind an Azure internal load balancer. Traffic is steered to them with routing intent, a policy that you enable at the hub level and that applies to anything connected to that hub.
There are two policies that you can apply.
- Local or Private routing – gives the summary routes for the RFC 1918 networks, and the next hop is the front end of the internal load balancer.
- Internet policy – gives you the default route 0.0.0.0/0 with the same load balancer front-end IP as the next hop.
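An added example, not from the original notes: a Python sketch that models only the routes the two policies above add and lists which sample destinations would not be steered to the load balancer front end (and so would not reach the firewalls). The front-end IP and the sample destinations are constructed, and routes the hub learns in other ways are not modelled.

```python
import ipaddress

# Assumption: constructed front-end IP of the internal load balancer in front of the NVAs.
ILB_FRONTEND = "10.100.0.4"

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
DEFAULT_ROUTE = "0.0.0.0/0"


def advertised_routes(private_policy, internet_policy):
    """Routes added by the enabled policies, as the notes describe them."""
    prefixes = []
    if private_policy:
        prefixes += RFC1918            # Local/Private routing: RFC 1918 summaries
    if internet_policy:
        prefixes.append(DEFAULT_ROUTE)  # Internet policy: default route
    return [(ipaddress.ip_network(p), ILB_FRONTEND) for p in prefixes]


def next_hop(routes, destination):
    """Longest-prefix match; None means no policy route covers the destination."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uninspected(routes, destinations):
    """Destinations that are not steered to the load balancer in front of the firewalls."""
    return [d for d in destinations if next_hop(routes, d) != ILB_FRONTEND]


# Constructed samples: spoke VNet host, branch host, non-RFC 1918 internal range, public host.
SAMPLE = ["10.20.1.10", "192.168.50.7", "100.64.3.9", "203.0.113.25"]

if __name__ == "__main__":
    for private, internet in [(True, False), (True, True)]:
        routes = advertised_routes(private, internet)
        missed = uninspected(routes, SAMPLE)
        print(f"private={private} internet={internet} -> not inspected: {missed or 'none'}")
```

With only the private policy, the 100.64.3.9 destination falls outside the RFC 1918 summaries, which is the case to check for when internal networks use address space outside those ranges.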
Scale size needs to be considered in the design: how many instances can it support?
Is the load balancer session-aware? We need to recognize the flow going in and out.
—————————
We have the following under Devices & Groups
a. Branches (Dashboard Summary > Network Monitor)
b. East US Hub
Where do we configure the SDWAN rule? (Network > SDWAN)
…….