Description | This article describes how to convert an existing IPsec VPN to an SD-WAN member. |
Scope | All FortiGate versions. |
Solution |
The example outlined in this article will demonstrate how to achieve this.
To add an 'IPerf' IPsec VPN tunnel (one that exists already) as a part of an SD-WAN network, first ensure that there no active references to that tunnel.
Below, there are 4 active references to the 'IPerf' tunnel:
Selecting the reference section (e.g. selecting the number '4') will show the various places the VPN is being used currently. Remove the tunnel from all of those displayed references.
Here, the VPN is being used in firewall policies, the static route, and in the corresponding phase 2 setting.
Remove the 'IPerf' tunnel interface from the firewall policy as a requirement to allow the VPN tunnel interface to be available as an SD-WAN member.
While attempting to create a new SD-WAN member, the 'IPerf' VPN shows up as a part of the available options.
Now, the VPN tunnel interface has been added as an SD-WAN member.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.