FortiGate
asengar
Staff
Article Id 257907
Description This article describes how to migrate from a non-SD-WAN setup to an SD-WAN setup by adding the ISP links (interfaces) as SD-WAN members without deleting their references.
Scope FortiOS v7.0.x and higher.
Solution
  • The goal is to deploy SD-WAN on the currently running setup without a large downtime window.
  • Previously, when migrating from non-SD-WAN to SD-WAN, all references to the link (port) had to be deleted before the ISP link could be added as an SD-WAN member.
  • Deleting the references required a large downtime window along with additional configuration.
  • From version 7.0.x, it is possible to add the interface to an existing SD-WAN zone, or to a newly created zone, without deleting the references.

 

Prerequisite:

Enable the SD-WAN feature on the firewall before migrating to the default SD-WAN zone.

 

From CLI:

 

config system sdwan
    set status enable
end

 

Steps:

  1. Go to Dashboard -> Network -> Interfaces.
  2. Select the interface from the list that needs to be added as an SD-WAN member.
  3. After selecting the interface, select the option Integrate Interface at the top.

On FortiOS v7.6.x, 'right-click' on the interface and select Integrate Interface.

 


 

  4. Selecting Integrate Interface gives 3 options: select the last option to add the interface to SD-WAN, select 'Next', and select the zone from the drop-down list.

     

  5. Before selecting the zone, select Next: the wizard shows all the references and asks whether to delete each reference or replace it with a new instance.

  6. Once the settings are applied, the change is reflected in SD-WAN, which avoids any additional configuration in the policies.
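
A pre-change check for the references the wizard lists, as an added example that is not part of the original article: it scans a saved plain-text configuration backup for every `set` line that names the interface, so the list can be recorded before running Integrate Interface and compared afterwards. The sample configuration and the function name `find_references` are constructed for illustration.

```python
import re

# Constructed sample of a FortiOS configuration backup (not taken from the article).
SAMPLE_CONFIG = """
config system interface
    edit "wan1"
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
    edit 2
        set srcintf "dmz"
        set dstintf "wan2" "wan10"
    next
end
config router static
    edit 1
        set device "wan1"
    next
end
"""

def find_references(config_text, interface):
    """Return (section, entry id, option) for each 'set' line naming the interface."""
    refs, frames = [], []  # frames: [section name, current 'edit' id]
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            frames.append([line[7:], None])
        elif line == "end" and frames:
            frames.pop()
        elif line.startswith("edit ") and frames:
            frames[-1][1] = line[5:].strip('"')
        elif line == "next" and frames:
            frames[-1][1] = None
        elif line.startswith("set ") and frames:
            parts = line.split(None, 2)
            value = parts[2] if len(parts) == 3 else ""
            # Compare whole tokens so "wan1" does not match "wan10".
            names = set(re.findall(r'"([^"]*)"', value)) | set(value.split())
            if interface in names:
                refs.append((" > ".join(f[0] for f in frames), frames[-1][1], parts[1]))
    return refs

if __name__ == "__main__":
    print(*find_references(SAMPLE_CONFIG, "wan1"), sep="\n")
```

The interface's own `edit "wan1"` definition is not reported, only the settings in other objects that point at it.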

     

 

It is possible to change the interface type and define VLAN IDs with the help of the Integrate Interface option.


Note:

Once an interface has been changed from a physical interface to another type, the change cannot be undone later: the feature does not support turning an aggregate, software switch, redundant, zone, or SD-WAN zone interface back into a physical interface.

 

Before FortiOS versions 7.4.8, 7.6.3, 7.6.4, and 8.0.0, the Integrate Interface feature did not work when migrating an interface that has an IPsec tunnel bound to it.  

Interface migration wizard

 

Related documents:

Technical Tip: Moving an Interface that has existing references to SD-WAN zone using Integrate Inte... 

Interface migration wizard