

Migrating to ACI | DMVPN hub and Fortigate connections

Dear community!

I need to figure out the best design and config option for migrating our traditional DC network to ACI. We have our branches connected using DMVPN to the ASR 1001-x HUB and are using OSPF for routing. Between the branch network and the servers we have a Fortigate 200E in routed mode with OSPF running on it, which is also connected to the border router and HQ LAN. All access to servers and the internet from both the HQ LAN and the branches is controlled by fw rules on the firewall.

We are moving to ACI for DC network and already have 2x 9332 spines and 93180yc-ex leaves.

My question is how to connect the ASR and Fortigate to the ACI and organize configs in order to keep the current enforcement on the Fortigate and also use the same Fortigate for controlling traffic between different EPGs in the future. A few options I am considering:

1. Do not connect ASRs to the leaves as L3Outs and connect only FG200E in unmanaged mode.

2. Connect both ASRs and FG to the leaves, but in that case all traffic flowing from branches to the internet will enter the ACI fabric.

Which options are possible? The current topology is attached. Thank you!
