Hi,
I am unable to find the steps required to enable SD-WAN on the existing fortinet added in the fortimanager. not a very clear guide to help what will be the steps required?
I have one HA device linked to my fortimanager and I need to enable the SD-WAN and change the required config before pushing it but can't find any clear guide. i wonder if someone help me here?
Hi
Please refer this link for configuring SD-WAN on FMGR
https://help.fortinet.com...ices%7CSD-WAN%7C_____0
For SD-WAN we require following things
1.SD-WAN health check Server
2. SD-WAN template
3.SD-WAN Interfaces.
4. firewall Policies
In FMGR, you can configure SD-WAN in two Ways, per device OR Central-Mgmt
-- Per device,
-configure template and health check server for each device individually
-- Central-mgmt,
-common Template and health check Server which can be assigned to multiple devices.(For enabling central-mgmt SD_WAN,go to system settings>> All ADOMs>> edit the ADOM >> Check SD-WAN)
- Interfaces can be configured with default mapping(name has to match with device interface) or per device mapping can be configured.
-- Pre-requisite for SD-WAN,
the WAN interfaces should not be referred in the policies
- If you have added FGT to FMGR via wan1/wan2 interface connection, then in all the WAN policies in PP, you need to replace WAN interface with 'sd-wan' interface.
- And then after configuring SD-WAN you can perform installation.
-If you get errors while installation regarding wan interfaces have references, then try to find the reference and delete it. If reference is for firewall policy, you can go to device manager >> double click the device >> CLi Configuration >> firewall Policy >> replace the WAN interfaces with 'virtual-wan-link'. And then try installing again.
Thanks
Mantaran Singh
Thanks for replying. Please can you clarify further few things for me.
I have three ADOM and every ADOM have only one HA device added.
So in order for me to implement SD-wan I have to use per device mapping?
I am trying to amend configuration but its doesnt seems to work as described in the Fortimanager documentation.
Also if I need to send traffic to only one interface and 2nd interface wanted to use only if the first fail what will be the type of algo i need to configure to achieve this scenario?
Hello, Once the SD-WAN is enabled in the ADOM, 1) Create the Members interface, with the same name and the default interface that you have in the FGT (wan1, wan2, port5, etc). If you have several FGT, you can directly do Mapping Per-Device. 2) Create SD_WAN Templates, with a name that refers to the SD-WAN of the FGT-X (to be clear on what FGt you use if you then have to add inetrfaces or modify something else), adding the interfaces you created earlier, SLA, and You need SD-WAN Rules too. 3) Assign the Template to the Device (FGT-X) that you need to configure the SD-WAN Then you install the config in the FGT. I hope you understand my English and the steps of config. Greetings.
Gabriel Rossi
Hey,
I've tried it but still not able to see SD-WAN zone under interface section to add ports when you prep all the template under sd-wan section on FMG.
Yes I am aware of it and its enabled as well.
but when you go in device-manager - > system - > interface or static -> router
or even policy & objects -> object configuration -> Zone/Interfaces -> SD-wan won't allow you to edit and put interface into it?
as compared to fortigate firewall it won't show you anything under static -> router section to add routes destination interface as SD-WAN ?
even problem is i can't test this in eval FMG 6.0.4 as it doesn't allow to register fortigate.
You do not modify the SD-WAN from the interfaces (networks interface), you do it from the SD-WAN option that you showed previously. if from there it does not let you add interfaces, it is because you are using it in a policy, route, or object.
Gabriel Rossi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.