farhanahmed
October 30, 2024

Technical Tip: How to create SD-WAN Template and assign to a device using JSON API

Description: This article describes how to create an SD-WAN Template in FortiManager and assign it to a managed FortiGate using the JSON API.
Scope FortiManager.
Solution

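Creating the SD-WAN Template via the JSON API involves the following steps. Every request carries a "session" field; {{session}} is a placeholder for the session token returned by a prior login request, so handle it as a credential and keep real values out of shared or exported collections.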

  • Create the SD-WAN Template.
  • Create SD-WAN Zone(s).
  • Create SD-WAN Member(s).
  • Add Performance SLA (health-check).
  • Add SD-WAN Rules (service).
  • Add Neighbor.
  • Add Duplication.
  • Assign the SD-WAN Template to a FortiGate.

 

  1. Create the SD-WAN Template:

    {
        "method": "set",
        "params": [
            {
                "data": {
                    "name": "TEMPLATE_NAME",
                    "type": "wanprof"
                },
                "url": "/pm/wanprof/adom/ADOM_NAME"
            }
        ],
        "session": "{{session}}",
        "id": 1
    }

 

Sample output:

 

1.png

 

  2. Create SD-WAN Zone(s):

{
    "method": "set",
    "params": [
        {
            "data": [
                {
                    "name": "ZONE_NAME",
                    "service-sla-tie-break": "cfg-order"
                }
            ],
            "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/zone"
        }
    ],
    "session": "{{session}}",
    "id": 1
}


Sample output:


2.png

 

  3. Create SD-WAN Member(s):

{
  "method": "set",
  "params": [
    {
      "data": [
        {
                    "seq-num": 1,
                    "interface": [
                        "INTERFACE_NAME"
                    ],
                    "zone": [
                        "ZONE_NAME"
                    ],
                    "gateway": "GATEWAY_IP",
                    "source": "0.0.0.0",
                    "gateway6": "::",
                    "source6": "::",
                    "cost": 0,
                    "weight": 1,
                    "priority": 1,
                    "spillover-threshold": 0,
                    "ingress-spillover-threshold": 0,
                    "volume-ratio": 1,
                    "status": 1,
                    "priority6": 1024
        }
      ],
      "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/members"
    }
  ],
  "session": "{{session}}",
  "id": 1
}


Sample output:


3.png

 

  4. Add Performance SLA (health-check):

{

    "method": "set",

    "params": [

        {

            "data": [

                {

                    "sla": [

                        {

                            "id": 1,

                            "jitter-threshold": 50,

                            "latency-threshold": 250,

                            "link-cost-factor": [

                                "latency",

                                "jitter",

                                "packet-loss"

                            ],

                            "mos-threshold": "3.6",

                            "packetloss-threshold": 5,

                            "priority-in-sla": 0,

                            "priority-out-sla": 0

                        }

                    ],

                    "name": "{{SDWAN_SLA}}",

                    "probe-packets": "enable",

                    "addr-mode": "ipv4",

                    "system-dns": "disable",

                    "server": [

                        "{{DNS_SERVER}}"

                    ],

                    "protocol": "http",

                    "port": 0,

                    "ha-priority": 1,

                    "http-get": "/",

                    "http-agent": "Chrome/ Safari/",

                    "dns-request-domain": "www.example.com",

                    "interval": 1000,

                    "probe-timeout": 1000,

                    "failtime": 5,

                    "recoverytime": 10,

                    "probe-count": 30,

                    "diffservcode": "000000",

                    "update-cascade-interface": "enable",

                    "update-static-route": "enable",

                    "sla-fail-log-period": 0,

                    "sla-pass-log-period": 0,

                    "threshold-warning-packetloss": 0,

                    "threshold-alert-packetloss": 0,

                    "threshold-warning-latency": 0,

                    "threshold-alert-latency": 0,

                    "threshold-warning-jitter": 0,

                    "threshold-alert-jitter": 0,

                    "members": [],

                    "quality-measured-method": "half-open",

                    "ftp-mode": "passive",

                    "dns-match-ip": "0.0.0.0",

                    "detect-mode": "active",

                    "mos-codec": "g711",

                    "vrf": 0,

                    "source": "0.0.0.0",

                    "embed-measured-health": "disable",

                    "sla-id-redistribute": 0

                }

            ],

            "url": "/pm/config/adom/{{ADOM}}/wanprof/{{TEMPLATE_NAME}}/system/sdwan/health-check"

        }

    ],

    "session": "{{session}}",

    "id": 1

}

 

 

Sample output:


4.png

 

  5. Add SD-WAN Rules (service):

{
    "method": "set",
    "params": [
        {
            "data": [
                {
                    "id": 1,
                    "name": "NAME",
                    "addr-mode": 7,
                    "input-device": [],
                    "input-device-negate": 0,
                    "mode": 1,
                    "role": 3,
                    "standalone-action": 0,
                    "tos": "0x00",
                    "tos-mask": "0x00",
                    "protocol": 0,
                    "start-port": 1,
                    "end-port": 65535,
                    "dst": [
                        "DST_IP/OBJECT"
                    ],
                    "dst-negate": 0,
                    "src": [
                        "SRC_IP/OBJECT"
                    ],
                    "src-negate": 0,
                    "users": [],
                    "groups": [],
                    "internet-service": 0,
                    "link-cost-threshold": 10,
                    "hold-down-time": 0,
                    "dscp-forward": 0,
                    "dscp-reverse": 0,
                    "priority-members": [],
                    "status": 1,
                    "gateway": 0,
                    "default": 0,
                    "tie-break": 1,
                    "use-shortcut-sla": 1,
                    "priority-zone": [
                        "ZONE_NAME"
                    ],
                    "passive-measurement": 0,
                    "internet-service-app-ctrl-category": [],
                    "input-zone": [],
                    "agent-exclusive": 0,
                    "shortcut": 1,
                    "load-balance": 0,
                    "zone-mode": 0,
                    "start-src-port": 1,
                    "end-src-port": 65535,
                    "shortcut-priority": 2
                }
            ],
            "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/service"
        }
    ],
    "session": "{{session}}",
    "id": 1
}

 

Sample output:

5.png

 

  6. Add Neighbor:

{
    "method": "set",
    "params": [
        {
            "data": [
                {
                    "ip": [
                        "IP_ADDRESS"
                    ],
                    "_dynamic_neighbor": [],
                    "member": [
                        "ID OF THE SDWAN MEMBER e.g. 1"
                    ],
                    "role": 3,
                    "health-check": [
                        "SLA_NAME"
                    ],
                    "sla-id": 1,
                    "mode": 1,
                    "minimum-sla-meet-members": 1
                }
            ],
            "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/neighbor"
        }
    ],
    "session": "{{session}}",
    "id": 1
}

Sample output:


6.png

 

  7. Add Duplication:

{
  "method": "set",
  "params": [
    {
      "data": [
                {
                    "id": 2,
                    "srcaddr": [
                        "SRC_Addr"
                    ],
                    "dstaddr": [
                        "DST_Addr"
                    ],
                    "srcaddr6": [],
                    "dstaddr6": [],
                    "srcintf": [
                        "INTERFACE"
                    ],
                    "dstintf": [
                        "INTERFACE"
                    ],
                    "service": [
                        "SERVICE"
                    ],
                    "packet-duplication": 0,
                    "packet-de-duplication": 1,
                    "service-id": [],
                    "sla-match-service": 0
                }
      ],
      "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/duplication"
    }
  ],
  "session": "{{session}}",
  "id": 1
}

Sample output:

7.png

 

  8. Assign the SD-WAN Template to FortiGate(s):

{
    "method": "update",
    "params": [
        {
            "data": [
                {
                    "name": "FGT_NAME",
                    "vdom": "VDOM_NAME"
                }
            ],
            "url": "/pm/wanprof/adom/ADOM_NAME/TEMPLATE_NAME/scope member"
        }
    ],
    "session": "{{session}}",
    "id": 1
}

Sample output:

8.png

 

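Verify the SD-WAN Template. In the request below, "string" in the "session" field stands for the same session token used in the earlier requests. Note that the earlier requests use the /pm/config/adom/ADOM_NAME/... path form, so confirm that the URL below matches that pattern for your ADOM: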

 

{
  "method": "get",
  "params": [
    {
      
      "url": "/pm/config/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan"
    }
  ],
  "session": "string",
  "id": 1
}

 

Sample output:

 

9.png

 

Verify the template on FortiManager GUI:

 

10.png

 

 

An API collection that can be imported into Postman is attached.

 

Related articles:

Technical Tip: Using FortiManager API.

Fortinet Development Network (FNDN) - FortiManager. 

Technical Tip: How to create IPSec Template and assign to a device using JSON API. 

Technical Tip: Managing the JSON API call with Postman and how to delete, create and update an ADOM...