Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

Boxheimer_Corp
New Contributor II

Created on ‎03-24-2020 10:37 AM

NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

Dear Fortinet Community

I am looking for more support of my New Feature Request within the FortiOS 6.4 Beta - NFR: Multiple SD-Interface in one VDOM instead one SD-WAN.

It would be good to have the possibility to have multiple SD-WAN Interfaces in one VDOM. – Maybe the right name would SD-Zone.

So, you can have one SD-WAN for the Internet-Traffic and one or multiple VPNs combined in a SD-VPN. At the ende everything is the same, it's a Software Defined Routing and Traffic Management.

The concept today is mixing WAN and VPN in one SD-WAN with the result of losing the clear structure. Without a clean structure you loosing the overview and you getting a worser security.



Please register yourself for the Beta Program and support this request.
This will streamline the SD-WAN and brings back the clear view between WAN and VPN.

To join the Beta Program you need a free Fortinet Developer Account
https://fndn.fortinet.net/index.php?/register/

«All new accounts require two Fortinet Sponsors. Sponsors are Fortinet employees that can confirm your identity and validate your need for an FNDN account. Please enter emails of your Sponsors in the fields below."

After the registration, confirmation and joining the Beta Program, please read and vote for my request.
Beta => Beta Releases => Forums

https://fndn.fortinet.net/index.php?/fortinetbeta/topic/253-nfr-multiple-sd-interface-in-one-vdom-instead-one-sd-wan/

Thank you very much!



------------------------------
Marcus Boxheimer – NSE 4 - 8
SIDARION AG - Expert, Integrator, Data Center
------------------------------
[FirstName]

SIDARION AG | Switzerland
Experience, know-how and commitment – Your SIDARION – www.sidarion.ch
[FirstName]SIDARION AG | SwitzerlandExperience, know-how and commitment – Your SIDARION – www.sidarion.ch
Labels:
1029
3 REPLIES 3
victUllo
New Contributor

Created on ‎06-21-2020 11:37 AM

for have multplie sdwan interfaces by appliance, do i need create vdoms and every vdom i can have 1 sdwan? is it right?
982
0 Kudos
faridulalam_FTNT
Staff
Staff
In response to victUllo

Created on ‎06-21-2020 11:44 AM

Yes, SD-WAN interface per VDOM.
If you have 5 VDOM in a single appliance, then you can create 5 SD-WAN interface.

The NFR (New Feature Request) requested by Marcus, Multiple SD-WAN interface in each VDOM for multi-purpose activity.


------------------------------
Faridul
------------------------------
[FirstName] [JobTitle]
982
0 Kudos
Boxheimer_Corp
New Contributor II

Created on ‎06-29-2020 10:45 AM

Constant dropping wears the stone. - the feature request was implemented in 6.4.1 - thanks Fortinet - Happy !!

SD-WAN zones

In FortiOS 6.4.1, SD-WAN member interfaces are grouped into SD-WAN zones. These zones can be used in firewall policies. Individual SD-WAN members can no longer be used directly in policies.

In the CLI:

  • config system virtual-wan-link has been replaced with config system sdwan.
  • virtual-wan-link option in static route has been renamed sdwan.
  • diagnose system virtual-wan-link has been replaced with diagnose system sdwan.
config system sdwan
config zone # <== new
 edit "virtual-wan-link" # <== default zone
 
        next
        edit "overlay"
        next
    end
    config members
        edit 1
set interface "port1" #<== in default zone
 
        next
        edit 2
            set interface "MPLS-VPN"
            s
et zone "overlay" # <== new
 
        next
    end
end


Previously, SD-WAN members could be used directly by policies. Upon upgrading to 6.4.1, an SD-WAN zone upg-zone-<interface-name> will be created for each member that is defined directly in a policy.

Source: https://docs.fortinet.com/document/fortigate/6.4.1/fortios-release-notes/251225/sd-wan-zones 

-------------------------------------------
Original Message:
Sent: Mar 24, 2020 10:36 AM
From: Marcus Boxheimer
Subject: NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

Dear Fortinet Community

I am looking for more support of my New Feature Request within the FortiOS 6.4 Beta - NFR: Multiple SD-Interface in one VDOM instead one SD-WAN.

It would be good to have the possibility to have multiple SD-WAN Interfaces in one VDOM. – Maybe the right name would SD-Zone.

So, you can have one SD-WAN for the Internet-Traffic and one or multiple VPNs combined in a SD-VPN. At the ende everything is the same, it's a Software Defined Routing and Traffic Management.

The concept today is mixing WAN and VPN in one SD-WAN with the result of losing the clear structure. Without a clean structure you loosing the overview and you getting a worser security.



Please register yourself for the Beta Program and support this request.
This will streamline the SD-WAN and brings back the clear view between WAN and VPN.

To join the Beta Program you need a free Fortinet Developer Account
https://fndn.fortinet.net/index.php?/register/

«All new accounts require two Fortinet Sponsors. Sponsors are Fortinet employees that can confirm your identity and validate your need for an FNDN account. Please enter emails of your Sponsors in the fields below."

After the registration, confirmation and joining the Beta Program, please read and vote for my request.
Beta => Beta Releases => Forums

https://fndn.fortinet.net/index.php?/fortinetbeta/topic/253-nfr-multiple-sd-interface-in-one-vdom-in...

Thank you very much!



------------------------------
Marcus Boxheimer – NSE 4 - 8
SIDARION AG - Expert, Integrator, Data Center
------------------------------​​​​
[FirstName]

SIDARION AG | Switzerland
Experience, know-how and commitment – Your SIDARION – www.sidarion.ch
[FirstName]SIDARION AG | SwitzerlandExperience, know-how and commitment – Your SIDARION – www.sidarion.ch
982
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.