Hi Guys,
Just seeking some confirmation here. We have a fortigate cluster with the following model/version:
#config-version=FG200E-6.4.7-FW-build1911-21082
Currently, we have 2 Internet links in use with no SD-WAN configuration. We would like to implement SD-WAN for these 2 links. Each interface in question has approximately 40 references in the following config sections:
I would like to know which, if any of there references are not required to be removed before the interface can be available for inclusion into the SDWAN zone. Additionally, after the interfaces have been successfully added, based on your experience, should there be any expected issues adding back the individual interfaces to any of the configs we removed them from (eg. VIPs)? Also, given the OS version and build stated at the top of this post, are there any limitations in the usage of the SDWAN zone in further configurations eg. static routing (the idea is to have a default static route pointing to the SDWAN zone as the next hop).
Thanks in advance for your help
All of them and yes you should upgrade your FortiOS to the latest 6.4 or better yet latest 7.0.
Thanks,
Is there any way to execute this procedure by saving the config file and making the edits via a text editor, then restoring the edited config? Rather than the arduous task of removing and restoring references via the GUI?
Sure that would work.
Hello,
Following will not hinder while adding the interface to the SD-WAN. That is, even if an interface is part of the below configuration, it could still be included in SD-WAN.
Once the SD-WAN is configured, their individual interfaces cannot be used in Firewall Policies. However, can be used in Policy Route or SD-WAN rules.
In Static Routes, we can have either Individual Static Routes or SD-WAN Static Route, not both or mixed.
When SDWAN is configured, it is indeed recommended to remove Individual routes and add SDWAN for proper and expected routings.
Hope this helps.
Regards,
Klint George
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.