NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

Boxheimer_Corp · ‎03-24-2020

Dear Fortinet Community

I am looking for more support of my New Feature Request within the FortiOS 6.4 Beta - NFR: Multiple SD-Interface in one VDOM instead one SD-WAN.

It would be good to have the possibility to have multiple SD-WAN Interfaces in one VDOM. – Maybe the right name would SD-Zone.

So, you can have one SD-WAN for the Internet-Traffic and one or multiple VPNs combined in a SD-VPN. At the ende everything is the same, it's a Software Defined Routing and Traffic Management.

The concept today is mixing WAN and VPN in one SD-WAN with the result of losing the clear structure. Without a clean structure you loosing the overview and you getting a worser security.

Please register yourself for the Beta Program and support this request.
This will streamline the SD-WAN and brings back the clear view between WAN and VPN.

To join the Beta Program you need a free Fortinet Developer Account
https://fndn.fortinet.net/index.php?/register/

«All new accounts require two Fortinet Sponsors. Sponsors are Fortinet employees that can confirm your identity and validate your need for an FNDN account. Please enter emails of your Sponsors in the fields below."

After the registration, confirmation and joining the Beta Program, please read and vote for my request.
Beta => Beta Releases => Forums

https://fndn.fortinet.net/index.php?/fortinetbeta/topic/253-nfr-multiple-sd-interface-in-one-vdom-instead-one-sd-wan/

Thank you very much!

------------------------------
Marcus Boxheimer – NSE 4 - 8
SIDARION AG - Expert, Integrator, Data Center
------------------------------

[FirstName]

SIDARION AG | Switzerland
Experience, know-how and commitment – Your SIDARION – www.sidarion.ch

victUllo · ‎06-21-2020

for have multplie sdwan interfaces by appliance, do i need create vdoms and every vdom i can have 1 sdwan? is it right?

faridulalam_FTNT · ‎06-21-2020

Yes, SD-WAN interface per VDOM.
If you have 5 VDOM in a single appliance, then you can create 5 SD-WAN interface.

The NFR (New Feature Request) requested by Marcus, Multiple SD-WAN interface in each VDOM for multi-purpose activity.

------------------------------
Faridul
------------------------------

[FirstName] [JobTitle]

Boxheimer_Corp · ‎06-29-2020

Constant dropping wears the stone. - the feature request was implemented in 6.4.1 - thanks Fortinet - Happy !!

SD-WAN zones

In FortiOS 6.4.1, SD-WAN member interfaces are grouped into SD-WAN zones. These zones can be used in firewall policies. Individual SD-WAN members can no longer be used directly in policies.

In the CLI:

config system virtual-wan-link has been replaced with config system sdwan.
virtual-wan-link option in static route has been renamed sdwan.
diagnose system virtual-wan-link has been replaced with diagnose system sdwan.

config system sdwan

config zone # <== new
edit "virtual-wan-link" # <== default zone

        next
        edit "overlay"
        next
    end
    config members
        edit 1

set interface "port1" #<== in default zone

        next
        edit 2
            set interface "MPLS-VPN"
            s

et zone "overlay" # <== new

        next
    end
end

Previously, SD-WAN members could be used directly by policies. Upon upgrading to 6.4.1, an SD-WAN zone upg-zone-<interface-name> will be created for each member that is defined directly in a policy.

Source: https://docs.fortinet.com/document/fortigate/6.4.1/fortios-release-notes/251225/sd-wan-zones

-------------------------------------------
Original Message:
Sent: Mar 24, 2020 10:36 AM
From: Marcus Boxheimer
Subject: NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

Dear Fortinet Community

I am looking for more support of my New Feature Request within the FortiOS 6.4 Beta - NFR: Multiple SD-Interface in one VDOM instead one SD-WAN.

It would be good to have the possibility to have multiple SD-WAN Interfaces in one VDOM. – Maybe the right name would SD-Zone.

So, you can have one SD-WAN for the Internet-Traffic and one or multiple VPNs combined in a SD-VPN. At the ende everything is the same, it's a Software Defined Routing and Traffic Management.

The concept today is mixing WAN and VPN in one SD-WAN with the result of losing the clear structure. Without a clean structure you loosing the overview and you getting a worser security.

Please register yourself for the Beta Program and support this request.
This will streamline the SD-WAN and brings back the clear view between WAN and VPN.

To join the Beta Program you need a free Fortinet Developer Account
https://fndn.fortinet.net/index.php?/register/

«All new accounts require two Fortinet Sponsors. Sponsors are Fortinet employees that can confirm your identity and validate your need for an FNDN account. Please enter emails of your Sponsors in the fields below."

After the registration, confirmation and joining the Beta Program, please read and vote for my request.
Beta => Beta Releases => Forums

https://fndn.fortinet.net/index.php?/fortinetbeta/topic/253-nfr-multiple-sd-interface-in-one-vdom-in...

Thank you very much!

------------------------------
Marcus Boxheimer – NSE 4 - 8
SIDARION AG - Expert, Integrator, Data Center
------------------------------

[FirstName]

SIDARION AG | Switzerland
Experience, know-how and commitment – Your SIDARION – www.sidarion.ch