Quote from: Dieselboy on October 01, 2020, 01:49:44 AM
My branches are not so far away from the head office, not more than 100 kilometres; current latency to the routers at the remote sites is 10-20 milliseconds. I'm afraid of what will happen when I route internet access back through the main UTM router (Fortigate), because right now they have their own internet access. Do you think I need MPLS? My remote sites use only two database applications (MSSQL and a third-party database). For logging I will use FortiAnalyzer.
[remote office] -> VPN -> [main office] ->>> firewall -> [Internet access]
Regarding the branch office to main office connectivity, you may have a poor experience if you do this over VPN. If the remote site and main site are very far from each other then you may have high latency. You will have less than a 1500-byte MTU because of the overheads. Now if there is any packet loss then this will reduce your throughput. I suggest a POC (proof of concept) to see how it goes for you. Leased lines / VPLS / MPLS may be better but could be costly.
Another option is SD-WAN.
I would rather get advice from you on what VPN technology to use so that I can see, at my main router, every source IP from the remote networks. I think the only option for me is standard IPsec VPN, because it will not do NAT; if I use something like OpenVPN or GRE then the remote subnet will be PATed using the remote gateway interface, am I right? Then at my main router, as the source from the remote sites, I will see only the OpenVPN or GRE interface IP.
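Since the overhead and packet-loss points raised above decide whether the branch VPN is usable, here is an added example (not from either poster) that puts numbers on them: standard GRE and IPsec ESP (AES-GCM) header sizes, the TCP MSS to clamp on the tunnel, and the simplified Mathis throughput bound at the 10-20 ms RTT mentioned in the thread. The header sizes and the Mathis approximation are standard; the RTT and loss values in the demo are constructed.

```python
"""Tunnel MTU, TCP MSS and a loss-limited throughput bound for a branch VPN.
Header sizes are the standard ones; the throughput figure is the simplified
Mathis approximation MSS / (RTT * sqrt(p)), an upper bound for one TCP flow."""
import math

IPV4_HDR, TCP_HDR, UDP_HDR = 20, 20, 8
GRE_HDR = 4            # GRE header with no key/sequence fields
ESP_SPI_SEQ = 8        # ESP header: SPI (4) + sequence number (4)
ESP_GCM_IV = 8         # explicit IV carried with AES-GCM
ESP_GCM_ICV = 16       # integrity check value appended by AES-GCM
ESP_TRAILER = 2        # pad length (1) + next header (1)

def gre_inner_mtu(outer_mtu=1500):
    """Largest inner IPv4 packet that fits a GRE-over-IPv4 tunnel."""
    return outer_mtu - IPV4_HDR - GRE_HDR

def esp_inner_mtu(outer_mtu=1500, nat_t=False):
    """Largest inner packet for ESP tunnel mode with AES-GCM.
    ESP pads so payload + trailer is a multiple of 4 bytes; nat_t adds the
    UDP/4500 header used when a NAT device sits between the gateways."""
    fixed = IPV4_HDR + ESP_SPI_SEQ + ESP_GCM_IV + ESP_GCM_ICV + ESP_TRAILER
    if nat_t:
        fixed += UDP_HDR
    inner = outer_mtu - fixed
    while (inner + ESP_TRAILER) % 4:   # shrink until 4-byte alignment holds
        inner -= 1
    return inner

def tcp_mss(inner_mtu):
    """MSS to clamp on the tunnel so TCP segments never need fragmentation."""
    return inner_mtu - IPV4_HDR - TCP_HDR

def mathis_throughput_mbps(mss_bytes, rtt_ms, loss_rate):
    """Simplified Mathis bound in Mbit/s; loss_rate is a fraction (0.001 = 0.1%)."""
    if loss_rate <= 0:
        raise ValueError("loss_rate must be > 0 for the Mathis bound")
    bytes_per_s = mss_bytes / ((rtt_ms / 1000.0) * math.sqrt(loss_rate))
    return bytes_per_s * 8 / 1e6

if __name__ == "__main__":
    # Constructed scenario from the thread: 10-20 ms RTT and a few loss levels.
    for name, inner in (("GRE", gre_inner_mtu()), ("ESP", esp_inner_mtu()),
                        ("ESP+NAT-T", esp_inner_mtu(nat_t=True))):
        mss = tcp_mss(inner)
        print(f"{name:10s} inner MTU {inner}  clamp MSS {mss}")
        for rtt, loss in ((10, 0.0001), (20, 0.0001), (20, 0.01)):
            print(f"    RTT {rtt} ms, loss {loss:.2%}: "
                  f"<= {mathis_throughput_mbps(mss, rtt, loss):.1f} Mbit/s")
```

The bound is for a single long-lived flow; many parallel database sessions will fill more of the link, but each individual transfer still sees the per-flow limit.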