| Solution |
Creating the SD-WAN Template via the JSON API involves the following steps:
- Create the SD-WAN Template.
- Create SD-WAN Zone(s).
- Create SD-WAN Member(s).
- Add Performance SLA (health-check).
- Add SD-WAN Rules (service).
- Add Neighbor.
- Add Duplication.
- Assign the SD-WAN Template to a FortiGate.
- Create the SD-WAN Template:
{ "method": "set", "params": [ { "data": { "name": "TEMPLATE_NAME", "type": "wanprof" }, "url": "/pm/wanprof/adom/ADOM_NAME" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Create SD-WAN Zone(s):
{ "method": "set", "params": [ { "data": [ { "name": "ZONE_NAME", "service-sla-tie-break": "cfg-order" } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/zone" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Create SD-WAN Member(s):
{ "method": "set", "params": [ { "data": [ { "seq-num": 1, "interface": [ "INTERFACE_NAME" ], "zone": [ "ZONE_NAME" ], "gateway": "GATEWAY_IP", "source": "0.0.0.0", "gateway6": "::", "source6": "::", "cost": 0, "weight": 1, "priority": 1, "spillover-threshold": 0, "ingress-spillover-threshold": 0, "volume-ratio": 1, "status": 1, "priority6": 1024 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/members" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Add Performance SLA (health-check):
{
  "method": "set",
  "params": [
    {
      "data": [
        {
          "sla": [
            {
              "id": 1,
              "jitter-threshold": 50,
              "latency-threshold": 250,
              "link-cost-factor": [
                "latency",
                "jitter",
                "packet-loss"
              ],
              "mos-threshold": "3.6",
              "packetloss-threshold": 5,
              "priority-in-sla": 0,
              "priority-out-sla": 0
            }
          ],
          "name": "{{SDWAN_SLA}}",
          "probe-packets": "enable",
          "addr-mode": "ipv4",
          "system-dns": "disable",
          "server": [
            "{{DNS_SERVER}}"
          ],
          "protocol": "http",
          "port": 0,
          "ha-priority": 1,
          "http-get": "/",
          "http-agent": "Chrome/ Safari/",
          "dns-request-domain": "www.example.com",
          "interval": 1000,
          "probe-timeout": 1000,
          "failtime": 5,
          "recoverytime": 10,
          "probe-count": 30,
          "diffservcode": "000000",
          "update-cascade-interface": "enable",
          "update-static-route": "enable",
          "sla-fail-log-period": 0,
          "sla-pass-log-period": 0,
          "threshold-warning-packetloss": 0,
          "threshold-alert-packetloss": 0,
          "threshold-warning-latency": 0,
          "threshold-alert-latency": 0,
          "threshold-warning-jitter": 0,
          "threshold-alert-jitter": 0,
          "members": [],
          "quality-measured-method": "half-open",
          "ftp-mode": "passive",
          "dns-match-ip": "0.0.0.0",
          "detect-mode": "active",
          "mos-codec": "g711",
          "vrf": 0,
          "source": "0.0.0.0",
          "embed-measured-health": "disable",
          "sla-id-redistribute": 0
        }
      ],
      "url": "/pm/config/adom/{{ADOM}}/wanprof/{{TEMPLATE_NAME}}/system/sdwan/health-check"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
Sample output:

- Add SD-WAN Rules (service):
{ "method": "set", "params": [ { "data": [ { "id": 1, "name": "NAME", "addr-mode": 7, "input-device": [], "input-device-negate": 0, "mode": 1, "role": 3, "standalone-action": 0, "tos": "0x00", "tos-mask": "0x00", "protocol": 0, "start-port": 1, "end-port": 65535, "dst": [ "DST_IP/OBJECT" ], "dst-negate": 0, "src": [ "SRC_IP/OBJECT" ], "src-negate": 0, "users": [], "groups": [], "internet-service": 0, "link-cost-threshold": 10, "hold-down-time": 0, "dscp-forward": 0, "dscp-reverse": 0, "priority-members": [], "status": 1, "gateway": 0, "default": 0, "tie-break": 1, "use-shortcut-sla": 1, "priority-zone": [ "ZONE_NAME" ], "passive-measurement": 0, "internet-service-app-ctrl-category": [], "input-zone": [], "agent-exclusive": 0, "shortcut": 1, "load-balance": 0, "zone-mode": 0, "start-src-port": 1, "end-src-port": 65535, "shortcut-priority": 2 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/service" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Add Neighbor:
{ "method": "set", "params": [ { "data": [ { "ip": [ "IP_ADDRESS" ], "_dynamic_neighbor": [], "member": [ "ID OF THE SDWAN MEMBER e.g. 1" ], "role": 3, "health-check": [ "SLA_NAME" ], "sla-id": 1, "mode": 1, "minimum-sla-meet-members": 1 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/neighbor" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Add Duplication:
{ "method": "set", "params": [ { "data": [ { "id": 2, "srcaddr": [ "SRC_Addr" ], "dstaddr": [ "DST_Addr" ], "srcaddr6": [], "dstaddr6": [], "srcintf": [ "INTERFACE" ], "dstintf": [ "INTERFACE" ], "service": [ "SERVICE" ], "packet-duplication": 0, "packet-de-duplication": 1, "service-id": [], "sla-match-service": 0 } ], "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan/duplication" } ], "session": "{{session}}", "id": 1 }
Sample output:

- Assign the SD-WAN Template to FortiGate(s):
{ "method": "update", "params": [ { "data": [ { "name": "FGT_NAME", "vdom": "VDOM_NAME" } ], "url": "/pm/wanprof/adom/ADOM_NAME/TEMPLATE_NAME/scope member" } ], "session": "{{session}}", "id": 1 }
Sample output:

Verify the SD-WAN Template:
{ "method": "get", "params": [ { "url": "/pm/config/adom/ADOM_NAME/wanprof/TEMPLATE_NAME/system/sdwan" } ], "session": "{{session}}", "id": 1 }
Sample output:

Verify the template in the FortiManager GUI:

The attached API collection can be imported into Postman.
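The first three calls of the procedure above (template, zone, member) chained in Python, as an added example rather than code from the original article: names are validated before they are placed in the request URL, and the run stops at the first call that does not return status code 0. The name pattern, the reduced member field set, the incrementing `id`, the response shape, and the `send` callable (stubbed here by the constructed `fake_send`) are assumptions.

```python
import ipaddress
import re

# Names are interpolated into the request URL, so restrict them first.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,63}")  # assumed naming policy

def build_steps(adom, template, zone, interface, gateway):
    """Return the first three calls of the procedure in dependency order."""
    for value in (adom, template, zone, interface):
        if not SAFE_NAME.fullmatch(value):
            raise ValueError(f"unsafe name for URL path: {value!r}")
    ipaddress.ip_address(gateway)  # raises ValueError on a malformed gateway
    base = f"/pm/config/adom/{adom}/wanprof/{template}/system/sdwan"
    member = {"seq-num": 1, "interface": [interface], "zone": [zone],
              "gateway": gateway, "status": 1}  # reduced field set (assumption)
    return [
        (f"/pm/wanprof/adom/{adom}", {"name": template, "type": "wanprof"}),
        (f"{base}/zone", [{"name": zone, "service-sla-tie-break": "cfg-order"}]),
        (f"{base}/members", [member]),
    ]

def run(send, session, steps):
    """Send each step and stop at the first non-zero status code."""
    applied = []
    for req_id, (url, data) in enumerate(steps, start=1):
        body = {"method": "set", "params": [{"data": data, "url": url}],
                "session": session, "id": req_id}
        # Assumed response shape: {"result": [{"status": {"code", "message"}}]}
        status = send(body)["result"][0]["status"]
        if status["code"] != 0:
            # Report the URL and status only; the body holds the session token.
            raise RuntimeError(f"{url}: {status['code']} {status['message']}")
        applied.append(url)
    return applied

def fake_send(body):
    """Constructed stand-in for the HTTPS POST to FortiManager; always OK."""
    url = body["params"][0]["url"]
    return {"id": body["id"],
            "result": [{"status": {"code": 0, "message": "OK"}, "url": url}]}

if __name__ == "__main__":
    steps = build_steps("root", "BRANCH_SDWAN", "wan_zone", "port1", "192.0.2.1")
    for url in run(fake_send, "constructed-session-token", steps):
        print("applied", url)
```

Replace `fake_send` with a function that posts the body over TLS with certificate verification enabled and returns the parsed JSON reply.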
|