TechLeague

    Fortinet

    FortiGate SD-WAN best practices for production

    TechLeague Editorialยทยท8 min read

    Fortinet's SD-WAN is built into FortiGate โ€” no separate orchestrator unless you scale. Done right, you cut MPLS costs by half.

    Underlay

    • Two diverse internet links per site, optional MPLS.
    • BGP per VRF; loopback peering simplifies overlay.

    ADVPN

    • Hub-and-spoke with shortcut tunnels for direct branch traffic.
    • Eliminates traffic trombone.

    SLA probes

    • Latency, jitter, packet loss thresholds per app class.
    • Failover within 1s with proper health-check tuning.

    Application steering

    • Critical apps to MPLS or best link.
    • Bulk traffic to internet.

    ZTP

    • FortiManager + FortiDeploy for branch rollout.
    • Templates per region.

    Train SD-WAN troubleshooting in a TechLeague tournament.