Solution
Creating an SD-WAN Template via the JSON API involves the following steps:
- Create the SD-WAN Template.
- Create SD-WAN Zone(s).
- Create SD-WAN Member(s).
- Add Performance SLA (health-check).
- Add SD-WAN Rules (service).
- Add Neighbor.
- Add Duplication.
- Assign the SD-WAN Template to a FortiGate.
- Create the SD-WAN Template:
{ "method": "set", "params": [ { "data": { "name": "test02", "type": "wanprof" }, "url": "/pm/wanprof/adom/ADOM_NAME" } ], "session": "{{session}}", "id": 1 }
- Create SD-WAN Zone(s):
{ "method": "set", "params": [ { "data": [ { "name": "ZONE_NAME", "service-sla-tie-break": "cfg-order" } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/zone" } ], "session": "{{session}}", "id": 1 }
- Create SD-WAN Member(s):
{ "method": "set", "params": [ { "data": [ { "seq-num": 1, "interface": [ "INTERFACE_NAME" ], "zone": [ "ZONE_NAME" ], "gateway": "GATEWAY_IP", "source": "0.0.0.0", "gateway6": "::", "source6": "::", "cost": 0, "weight": 1, "priority": 1, "spillover-threshold": 0, "ingress-spillover-threshold": 0, "volume-ratio": 1, "status": 1, "priority6": 1024 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/members" } ], "session": "{{session}}", "id": 1 }
- Add Performance SLA (health-check):
{ "method": "set", "params": [ { "data": [ { "sla": [ { "id": 1, "jitter-threshold": 50, "latency-threshold": 250, "link-cost-factor": 7, "mos-threshold": "3.6", "packetloss-threshold": 5, "priority-in-sla": 0, "priority-out-sla": 0 } ], "name": "NAME", "probe-packets": 1, "addr-mode": 7, "system-dns": 0, "server": [ "SERVER_IP/DOMAIN" ], "protocol": 8, "port": 0, "ha-priority": 1, "http-get": "/", "http-agent": "Chrome/ Safari/", "dns-request-domain": "www.example.com", "interval": 1000, "probe-timeout": 1000, "failtime": 5, "recoverytime": 10, "probe-count": 30, "diffservcode": "000000", "update-cascade-interface": 1, "update-static-route": 1, "sla-fail-log-period": 0, "sla-pass-log-period": 0, "threshold-warning-packetloss": 0, "threshold-alert-packetloss": 0, "threshold-warning-latency": 0, "threshold-alert-latency": 0, "threshold-warning-jitter": 0, "threshold-alert-jitter": 0, "members": [], "quality-measured-method": 1, "ftp-mode": 0, "dns-match-ip": "0.0.0.0", "detect-mode": 1, "mos-codec": 1, "vrf": 0, "source": "0.0.0.0", "embed-measured-health": 0, "sla-id-redistribute": 0 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/health-check" } ], "session": "{{session}}", "id": 1 }
- Add SD-WAN Rules (service):
{ "method": "set", "params": [ { "data": [ { "id": 1, "name": "NAME", "addr-mode": 7, "input-device": [], "input-device-negate": 0, "mode": 1, "role": 3, "standalone-action": 0, "tos": "0x00", "tos-mask": "0x00", "protocol": 0, "start-port": 1, "end-port": 65535, "dst": [ "DST_IP/OBJECT" ], "dst-negate": 0, "src": [ "SRC_IP/OBJECT" ], "src-negate": 0, "users": [], "groups": [], "internet-service": 0, "link-cost-threshold": 10, "hold-down-time": 0, "dscp-forward": 0, "dscp-reverse": 0, "priority-members": [], "status": 1, "gateway": 0, "default": 0, "tie-break": 1, "use-shortcut-sla": 1, "priority-zone": [ "ZONE_NAME" ], "passive-measurement": 0, "internet-service-app-ctrl-category": [], "input-zone": [], "agent-exclusive": 0, "shortcut": 1, "load-balance": 0, "zone-mode": 0, "start-src-port": 1, "end-src-port": 65535, "shortcut-priority": 2 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/service" } ], "session": "{{session}}", "id": 1 }
- Add Neighbor:
{ "method": "set", "params": [ { "data": [ { "ip": [ "IP_ADDRESS" ], "_dynamic_neighbor": [], "member": [ "ID OF THE SDWAN MEMBER e.g. 1" ], "role": 3, "health-check": [ "SLA_NAME" ], "sla-id": 1, "mode": 1, "minimum-sla-meet-members": 1 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/neighbor" } ], "session": "{{session}}", "id": 1 }
- Add Duplication:
{ "method": "set", "params": [ { "data": [ { "id": 2, "srcaddr": [ "SRC_Addr" ], "dstaddr": [ "DST_Addr" ], "srcaddr6": [], "dstaddr6": [], "srcintf": [ "INTERFACE" ], "dstintf": [ "INTERFACE" ], "service": [ "SERVICE" ], "packet-duplication": 0, "packet-de-duplication": 1, "service-id": [], "sla-match-service": 0 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/duplication" } ], "session": "{{session}}", "id": 1 }
- Assign the SD-WAN Template to FortiGate(s):
{ "method": "update", "params": [ { "data": [ { "name": "FGT_NAME", "vdom": "VDOM_NAME" } ], "url": "/pm/wanprof/adom/ADOM_NAME/TEMPLATE_NAME/scope member" } ], "session": "{{session}}", "id": 1 }
Verify the SD-WAN Template:
{ "method": "get", "params": [ { "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan" } ], "session": "{{session}}", "id": 1 }
Verify the template in the FortiManager GUI.
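The first three requests of the procedure above can be scripted as follows. This is an added example, not code from the original article or from Fortinet: it builds the calls in dependency order, refuses ADOM, template and zone names that would alter the URL path, checks each reply before the next step, and masks the session token for logging. The name pattern, the reply shape (result[].status.code) and the sample replies are assumptions constructed for the example.

```python
import re

# Names end up in the API URL path, so refuse anything that could alter it.
# This conservative character set is an assumption, not a FortiManager rule.
_NAME = re.compile(r"^[A-Za-z0-9_-]{1,35}$")

def _safe(name):
    if not _NAME.match(name):
        raise ValueError(f"unsafe name for URL path: {name!r}")
    return name

def build_requests(session, adom, template, zone, interface, gateway):
    """First three calls of the procedure, in dependency order."""
    adom, template, zone = _safe(adom), _safe(template), _safe(zone)
    base = f"/pm/config/adom/{adom}/wanprof/{template}/system/sdwan"
    steps = [
        (f"/pm/wanprof/adom/{adom}", {"name": template, "type": "wanprof"}),
        (f"{base}/zone", [{"name": zone, "service-sla-tie-break": "cfg-order"}]),
        # Subset of the member fields shown on the page.
        (f"{base}/members", [{"seq-num": 1, "interface": [interface],
                              "zone": [zone], "gateway": gateway, "status": 1}]),
    ]
    # Distinct ids (the page uses 1 throughout) let replies be matched to calls.
    return [{"method": "set", "params": [{"data": data, "url": url}],
             "session": session, "id": i}
            for i, (url, data) in enumerate(steps, start=1)]

def check_response(request, response):
    """Raise unless the reply matches the request and every status code is 0."""
    if response.get("id") != request["id"]:
        raise RuntimeError("response id does not match request id")
    results = response.get("result") or []
    if not results:
        raise RuntimeError("empty result")
    for entry in results:
        status = entry.get("status", {})
        if status.get("code") != 0:
            raise RuntimeError(f"{entry.get('url')}: {status.get('message')}")
    return True

def redact(request):
    """Copy of a request that is safe to log: session token masked."""
    return {**request, "session": "***"}

# Constructed replies for offline use; the shape is assumed, not from the page.
SAMPLE_OK = {"id": 1, "result": [{"status": {"code": 0, "message": "OK"},
                                  "url": "/pm/wanprof/adom/root"}]}
SAMPLE_FAIL = {"id": 2, "result": [{"status": {"code": -6, "message": "Invalid url"},
                                    "url": "/pm/config/adom/root/wanprof/test02/system/sdwan/zone"}]}
```

Stopping at the first failed check avoids pushing members or rules into a template or zone that was never created.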
Related articles:
Technical Tip: Using FortiManager API.
Fortinet Development Network (FNDN) - FortiManager.
Technical Tip: How to create IPSec Template and assign to a device using JSON API.
Technical Tip: Managing the JSON API call with Postman and how to delete, create and update an ADOM....