FortiGate
Ashika17
Staff
Article Id 282186
Description: This article describes how to convert an existing IPsec VPN to an SD-WAN member.
Scope: All FortiGate versions.
Solution

The example outlined in this article demonstrates how to achieve this.

To add an existing IPsec VPN tunnel (here, 'IPerf') to an SD-WAN network, first ensure that there are no active references to that tunnel.

Below, there are 4 active references to the 'IPerf' tunnel:

[Image: IPerf(ref1).PNG]

Selecting the reference section (e.g. selecting the number '4') shows the various places the VPN is currently being used. Remove the tunnel from all of those displayed references.

[Image: Iperf(ref2).png]

Here, the VPN is being used in firewall policies, the static route, and in the corresponding phase 2 setting.

Remove the 'IPerf' tunnel interface from the firewall policy; this is required before the VPN tunnel interface can be made available as an SD-WAN member.

When creating a new SD-WAN member, the 'IPerf' VPN now shows up as one of the available options.

[Image: sdwan(mem).png]

Now, the VPN tunnel interface has been added as an SD-WAN member.

[Image: Added.PNG]
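To keep a record of where the tunnel is referenced before removing it (the references step above), the following added example, which is not part of the original article or Fortinet's tooling, scans a FortiOS configuration backup offline for every setting that names the tunnel. It assumes the usual `config` / `edit` / `set` text format of a backup; the function name `find_references`, the sample object ids and the port names are constructed for illustration.

```python
import shlex

# Constructed sample backup (not from the article); ids and port names are assumptions.
SAMPLE_CONFIG = '''
config vpn ipsec phase2-interface
    edit "IPerf-p2"
        set phase1name "IPerf"
    next
end
config firewall policy
    edit 7
        set srcintf "port2"
        set dstintf "IPerf"
    next
    edit 8
        set srcintf "IPerf"
        set dstintf "port2"
    next
end
config router static
    edit 3
        set dst 10.20.0.0 255.255.0.0
        set device "IPerf"
    next
end
'''

def find_references(config_text, name):
    """Return (section, entry, setting) for each 'set' line that names `name`."""
    stack, refs = [], []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw) or [""]
        except ValueError:  # part of a multi-line quoted value (e.g. a key); skip
            continue
        if tokens[0] == "config":
            stack.append(("config", " ".join(tokens[1:])))
        elif tokens[0] == "edit" and len(tokens) > 1:
            stack.append(("edit", tokens[1]))
        elif tokens[0] in ("next", "end") and stack:
            stack.pop()  # leave the current entry or section
        elif tokens[0] == "set" and name in tokens[2:]:
            section = next((v for k, v in reversed(stack) if k == "config"), "")
            entry = next((v for k, v in reversed(stack) if k == "edit"), "")
            refs.append((section, entry, tokens[1]))
    return refs

if __name__ == "__main__":
    for ref in find_references(SAMPLE_CONFIG, "IPerf"):
        print(ref)
```

Saving this list before editing gives a checklist of the policies and routes that lose the tunnel interface, so equivalent rules can be reviewed once the tunnel is an SD-WAN member.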