Technical Tip: Moving an Interface that has existi... - Fortinet Community

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 301238

Description

This article explains how to use the integrated interface feature to move the interface that has references to the SD-WAN zone.

Scope

FortiGate v7.x.

Solution

Before FortiGate v7.x:

Moving an interface to SD-WAN was a lengthy and manual process.
The 'integrate' feature was not available, requiring to:
- Delete all references to the interface (for example: IPSec tunnels, and static routes).
- Move the interface to SD-WAN.
- Manually recreate all the deleted references.

After FortiGate v7.x (using port1 as an example):

The process is much simpler and more efficient thanks to the 'integrate' feature.
How to move port1 to SD-WAN using the new method:

Note: port1 currently has five references:

Four references across two IPSec tunnels.
One reference in a static route.

Prerequisite :

Enable the SD-WAN feature on the firewall before migrating to the default SD-WAN zone.

From CLI:

config system sdwan

set status enable

end

To move the interface to SD-WAN:

Select Integrate Interface:

Select Migrate to SD-WAN zone:

Select the SD-WAN zone.
Check the references options (replace the instance or delete the entry).

The interface will be moved to the SD-WAN zone.

Delete the default static route on port1 and change it to SD-WAN zone. It is required when multiple interfaces are added to the zone.

2551

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Copyright 2025 Fortinet, Inc. All Rights Reserved.