MERANA
New Contributor

FortiManager 6.0.X SD-WAN config on the existing added devices

Hi,

I am unable to find the steps required to enable SD-WAN on the existing Fortinet added in the FortiManager. There is not a very clear guide to help. What will be the steps required?

I have one HA device linked to my FortiManager and I need to enable the SD-WAN and change the required config before pushing it, but I can't find any clear guide. I wonder if someone can help me here?

8 REPLIES
mantaransingh_FTNT

Hi

Please refer to this link for configuring SD-WAN on FMGR:

https://help.fortinet.com...ices%7CSD-WAN%7C_____0

For SD-WAN we require the following things:

1. SD-WAN health check server

2. SD-WAN template

3. SD-WAN interfaces

4. Firewall policies

In FMGR, you can configure SD-WAN in two ways, per device OR central-mgmt.

-- Per device,

- Configure a template and health check server for each device individually.

-- Central-mgmt,

- Common template and health check server, which can be assigned to multiple devices. (To enable central-mgmt SD-WAN, go to System Settings >> All ADOMs >> edit the ADOM >> check SD-WAN.)

- Interfaces can be configured with default mapping (the name has to match the device interface), or per-device mapping can be configured.

-- Pre-requisite for SD-WAN,

The WAN interfaces should not be referenced in the policies.

- If you have added the FGT to FMGR via a wan1/wan2 interface connection, then in all the WAN policies in the PP you need to replace the WAN interface with the 'sd-wan' interface.

- Then, after configuring SD-WAN, you can perform the installation.

- If you get errors during installation saying that the WAN interfaces have references, try to find the reference and delete it. If the reference is from a firewall policy, you can go to Device Manager >> double-click the device >> CLI Configuration >> Firewall Policy >> replace the WAN interfaces with 'virtual-wan-link', and then try installing again.

Thanks

Mantaran Singh

mantaransingh
MERANA

Thanks for replying. Please can you clarify a few further things for me.

I have three ADOMs and every ADOM has only one HA device added.

So in order for me to implement SD-WAN I have to use per-device mapping?

I am trying to amend the configuration but it doesn't seem to work as described in the FortiManager documentation.

Also, if I need to send traffic to only one interface and want to use the 2nd interface only if the first fails, what type of algorithm do I need to configure to achieve this scenario?

gabyrossi
Contributor

Hello,

Once SD-WAN is enabled in the ADOM:

1) Create the member interfaces, with the same name and the default interface that you have in the FGT (wan1, wan2, port5, etc.). If you have several FGTs, you can directly do per-device mapping.

2) Create SD-WAN templates, with a name that refers to the SD-WAN of the FGT-X (to be clear about which FGT you use if you then have to add interfaces or modify something else), adding the interfaces you created earlier and the SLA. You need SD-WAN rules too.

3) Assign the template to the device (FGT-X) on which you need to configure SD-WAN.

Then you install the config on the FGT. I hope you understand my English and the config steps. Greetings.

Gabriel Rossi

MERANA

Hey,

I've tried it, but I am still not able to see the SD-WAN zone under the interface section to add ports when you prep all the templates under the SD-WAN section on FMG.

gabyrossi

Hello, in the ADOM, the SD-WAN option must be enabled (attached image). Once enabled, you can see the SD-WAN section in Device Manager, top right (attached image). Regards

gabyrossi

I attached the other image. Regards

MERANA

Yes, I am aware of it and it's enabled as well.

But when you go to Device Manager -> System -> Interface or static -> router,

or even Policy & Objects -> Object Configuration -> Zone/Interfaces -> SD-WAN, it won't allow you to edit and put an interface into it?

Compared to the FortiGate firewall, it won't show you anything under the static -> router section to add a route's destination interface as SD-WAN?

The problem is even that I can't test this in eval FMG 6.0.4, as it doesn't allow registering a FortiGate.

gabyrossi

You do not modify the SD-WAN from the interfaces (network interfaces); you do it from the SD-WAN option that you showed previously. If it does not let you add interfaces from there, it is because you are using them in a policy, route, or object.

Gabriel Rossi
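
The replies above trace both the install error and the greyed-out member list to WAN interfaces that are still referenced by a policy, route or object. As an added example (not part of the thread and not Fortinet tooling), this Python code walks a FortiGate configuration backup and lists every setting that still names a given interface; the function name `find_references` and the sample config are constructed for illustration, and it assumes the usual `config`/`edit`/`set`/`next`/`end` backup layout.

```python
import shlex
# Constructed sample in FortiOS backup syntax (not taken from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set ip 198.51.100.2 255.255.255.252
    next
end
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
    next
    edit 2
        set srcintf "internal"
        set dstintf "dmz"
    next
end
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan2"
    next
end
'''

def find_references(config_text, interfaces):
    """Hypothetical helper: (section, entry, setting, interface) per matching 'set' line."""
    wanted, stack, entry, hits = set(interfaces), [], [], []
    for raw in config_text.splitlines():
        try:
            tokens = shlex.split(raw)
        except ValueError:      # unbalanced quote: multi-line value, skip the line
            tokens = []
        word = tokens[0] if tokens else ""
        if word == "config":                  # open a (possibly nested) section
            stack.append(" ".join(tokens[1:]))
            entry.append(None)
        elif word == "edit" and stack and len(tokens) > 1:
            entry[-1] = tokens[1]             # table entry id or name
        elif word == "next" and stack:
            entry[-1] = None
        elif word == "end" and stack:
            stack.pop()
            entry.pop()
        elif word == "set" and stack and len(tokens) > 2:
            hits += [(" > ".join(stack), entry[-1], tokens[1], value)
                     for value in tokens[2:] if value in wanted]
    return hits
```

Each tuple returned is one reference to clear or repoint before the interface can become an SD-WAN member; the interface's own `edit "wan1"` definition is not reported because it is not a `set` line.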
