This article describes how to migrate from a non-SD-WAN setup to an SD-WAN setup by adding the ISP links (interfaces) as SD-WAN members without deleting their references.
FortiOS 7.0.x and higher.
- The goal is to deploy SD-WAN on the currently running setup without a large downtime window.
- Previously, when migrating from non-SD-WAN to SD-WAN, adding an ISP link to SD-WAN required deleting all references to the link (port) before it could be added as an SD-WAN member.
- Deleting the references required a large downtime window as well as additional configuration.
- From version 7.0.x, the interface can be added to an existing SD-WAN zone, or to a newly created zone, without deleting the references.
Steps:
1) Go to Dashboard -> Network -> Interfaces.
2) From the list, select the interface that needs to be added as an SD-WAN member.
3) With the interface selected, select the Integrate Interface option at the top.
4) Integrate Interface gives 3 options. Select the last option, which adds the interface to SD-WAN, select 'Next', and select the zone from the dropdown list.
5) After selecting the zone, click Next. All references to the interface are shown, with the choice to delete each reference or replace it with a new instance.
6) Once the settings are applied, the change is reflected in SD-WAN, which avoids any additional configuration in the policies.
The Integrate Interface option can also be used to change the interface type and to define VLAN IDs.
Once a physical interface has been changed to another type, the change cannot be reversed this way: Integrate Interface does not support turning an aggregate, software switch, redundant, zone, or SD-WAN zone interface back into a physical interface.
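To know in advance which references step 5 will list, a saved configuration backup can be searched for the interface name before starting the migration. The following is an added example, not part of the original article or of any Fortinet tooling; the sample configuration, the interface names and the function name `find_references` are constructed for illustration, and the parser assumes the usual config/edit/set/next/end layout of a FortiOS backup file.

```python
import re
from collections import defaultdict

# Constructed excerpt in FortiOS backup syntax (not taken from a real device).
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
        set vdom "root"
    next
end
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "wan1"
    next
    edit 11
        set srcintf "dmz"
        set dstintf "wan10"
    next
end
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
    next
end
"""

def find_references(config_text, interface):
    """Map each top-level section to the (entry, setting) pairs that name the interface."""
    refs = defaultdict(list)
    sections, entry = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if not sections:
                entry = None  # new top-level section, forget the previous entry
            sections.append(line[len("config "):])
        elif line == "end" and sections:
            sections.pop()
        elif line.startswith("edit ") and len(sections) == 1:
            entry = line[len("edit "):].strip('"')
        elif line.startswith("set ") and sections:
            # Compare whole quoted values so "wan1" does not match "wan10".
            if interface in re.findall(r'"([^"]*)"', line):
                refs[sections[0]].append((entry, line.split()[1]))
    return dict(refs)

if __name__ == "__main__":
    for section, hits in find_references(SAMPLE_CONFIG, "wan1").items():
        for entry, setting in hits:
            print(f"{section}: edit {entry} -> set {setting}")
```

Running the same search for the SD-WAN zone name on a backup taken after the change shows whether each policy and route listed beforehand now points at the zone.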