| Solution |
Creating an SD-WAN Overlay Template involves the following steps:
- Enable SD-WAN Management (v7.6 only).
- Add overlay template.
- Set template details (devices, networks, and config).
- Execute the overlay template to create related IPSec, BGP, and CLI templates.
Follow steps 1 to 5 from the article to log in to FortiManager using CSRF-Token: Technical Tip: How to Refresh the FortiClient EMS Fabric Connector in FortiManager using the API.
- Enable SD-WAN Management: This is only applicable for FortiManager v7.6. Refer to: SD-WAN Manager.
{
"id": "1",
"verbose": 1,
"method": "update",
"params": [
{
"url": "/dvmdb/adom/{{ADOM}}/device/{{DEVICE}}",
"data": {
"flags": [
"sdwan_management"
]
}
}
]
}
{
"method": "add",
"verbose": 1,
"params": [
{
"url": "/pm/template/_sdwan_overlay/adom/{{ADOM}}",
"data": {
"name": "{{TEMPLATE_NAME}}",
"type": "template",
"template setting": {
"stype": "_sdwan_overlay",
"description": "{{DESCRIPTION}}"
}
}
}
],
"id": "2"
}
- Set template details (devices, network, and config). In this example, the topology is set to Single Hub.
{
"id": "3",
"verbose": 1,
"method": "set",
"params": [
{
"url": "/pm/config/adom/{{ADOM}}/template/_sdwan_overlay/{{TEMPLATE_NAME}}/sdwan/overlay",
"data": {
"name": "{{TEMPLATE_NAME}}",
"authmethod": "psk",
"topology": "single-hub",
"loopback-ip": "172.16.0.0/255.255.0.0",
"overlay-network": "10.10.0.0/255.255.0.0",
"as": 65000,
"route_reflection": "disable",
"edge-route-map-in": [],
"edge-route-map-out": [],
"sdwan_template": null,
"router_template": null,
"sdwan_members": "disable",
"sdwan_health_check": "disable",
"auto-branch-id-assignment": "enable",
"hub-number": 1,
"bgp_on_loopback": "disable",
"dynamic_bgp": "disable",
"advpn": "disable",
"hub_sdwan_template": null,
"normalized-interface": "disable",
"nodes": [
{
"_scope": {
"name": "{{DEVICE}}",
"vdom": "{{VDOM}}"
},
"underlay": [
{
"cost": 0,
"id": 1,
"interface": "{{HUB_UNDERLAY_INTERFACE}}",
"private-link": "disable",
"override-ip": "disable",
"ip": null
}
],
"advertisement": "connected",
"role": "hub",
"hub-role": "standalone",
"prefix": [],
"neighbor": null,
"neighbor-group": null,
"vrf": null,
"id": 1
},
{
"_scope": {
"name": "{{DEVICE_GROUP}}",
"is group": 1
},
"underlay": [
{
"cost": 0,
"id": 1,
"interface": "{{SPOKE_UNDERLAY_INTERFACE}}",
"private-link": "disable",
"override-ip": "disable",
"transport-group": 0,
"ip": null
}
],
"advertisement": "connected",
"role": "spoke",
"interface": [],
"neighbor": [
{
"route-map-in": null,
"route-map-out": null,
"route-map-out-preferable": null,
"apply-to-all": 0
}
],
"vrf": [],
"id": 2
}
]
}
}
]
}
- Execute the overlay template to create related IPSec, BGP, and CLI templates.
{
"id": "4",
"method": "exec",
"params": [
{
"url": "/pm/config/adom/{{ADOM}}/_sdwan/overlay/orchestration",
"data": {
"template": "{{TEMPLATE_NAME}}"
}
}
]
}
- Final templates can be checked in FortiManager GUI: Device Manager -> Provisioning Templates:
- Delete the SD-WAN Overlay template.
{
"method": "delete",
"params": [
{
"url": "/pm/template/_sdwan_overlay/adom/{{ADOM}}/{{TEMPLATE_NAME}}"
}
],
"session": "{{SESSION_VALUE}}"
}
- Attached is the API collection that can be imported into Postman.
Related documents:
SD-WAN Manager – Administrator Guide.
Technical Tip: Using FortiManager API.
Fortinet Development Network (FNDN) - FortiManager
|
