Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Ashika17
Staff
Staff

Created on ‎11-01-2023 03:41 AM Edited on ‎02-05-2025 09:01 PM By Community Manager

Article Id 282186

Technical Tip: Add an existing IPsec VPN tunnel to SD-WAN

Description This article describes how to convert an existing IPsec VPN to an SD-WAN member.
Scope All FortiGate versions.
Solution

The example outlined in this article will demonstrate how to achieve this.

 

To add an 'IPerf' IPsec VPN tunnel (one that exists already) as a part of an SD-WAN network, first ensure that there no active references to that tunnel.

 

Below, there are 4 active references to the 'IPerf' tunnel:

 

IPerf(ref1).PNG

 

Selecting the reference section (e.g. selecting the number '4') will show the various places the VPN is being used currently. Remove the tunnel from all of those displayed references.

 

Iperf(ref2).png

 

Here, the VPN is being used in firewall policies, the static route, and in the corresponding phase 2 setting.

 

Remove the 'IPerf' tunnel interface from the firewall policy as a requirement to allow the VPN tunnel interface to be available as an SD-WAN member.

 

While attempting to create a new SD-WAN member, the 'IPerf' VPN shows up as a part of the available options.

 

sdwan(mem).png

 

Now, the VPN tunnel interface has been added as an SD-WAN member.

 

Added.PNG
8224
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.