Support Forum
Tommie5
New Contributor

Make the Standalone function in FGSP not synchronize the SD-WAN configuration.

Hello everyone. Our company has two FortiGate 1500D firewalls, and we have configured FGSP, SD-WAN, and Standalone settings. On the core switch, I have set the default routes to point to these two firewalls respectively, and these two firewalls are interconnected to the carrier through their respective lines, then directed to the same carrier via static default routes.

The current issue is that when using Standalone configuration synchronization, gateways within the same SD-WAN members get overridden by the main firewall. Since this carrier provides me with two lines corresponding to different next hops, it's impossible to direct them towards the same gateway.

My question now is whether it's possible to specify Standalone functionality so that these two firewalls do not synchronize configurations within the SD-WAN module; when needed, I can manually configure features in this SD-WAN module while still enjoying other synchronized configurations under Standalone.

AEK
SuperUser

Hi Tommie

It is possible to exclude some objects from FGCP synchronization.

https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/105611/vdom-exceptions

Unfortunately excluding sdwan config sync is only available on cloud FG.

I think you have 3 possible solutions:

  1. Use FortiManager to push the same rules and objects on both FGs
  2. Make the required design change so that the SD-WAN configs are the same, and continue using FGCP sync
  3. Do not use FGCP sync, and push config separately on each FG
AEK
Tommie5
New Contributor

Hello, AEK. I am using the FGSP feature, not FGCP. I have already negotiated with the carrier (ISP), and they can only have different next hops corresponding to different interface addresses; their specifications cannot be modified.

My firewall version is 7.2.11, and I did not purchase FortiGate Cloud and FortiManager features.

Is there a better way?

AEK

Hi Tommie

FGSP is for session synchronization only.

FGCP is for HA or for config-only synchronization.

I think one of the possible solutions is to configure your SD-WAN interfaces to use DHCP (or PPPoE) instead of static IP. In that case you don't need to set IP & GW since they are acquired dynamically.

AEK
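As an added illustration of the DHCP approach suggested above (constructed example config, not from the thread or from Fortinet documentation; interface name, addresses and member ID are assumptions), here is a static SD-WAN member whose gateway would be carried in the synchronized configuration, followed by the dynamic variant that carries no unit-specific address or next hop:

```fortios
# Constructed example for one SD-WAN member; interface name, addresses
# and member ID are assumptions, not values taken from the thread.

# Before: static address and a per-member gateway. Both values live in
# the synchronized config, so the peer unit receives this unit's next hop.
config system interface
    edit "port1"
        set mode static
        set ip 203.0.113.10 255.255.255.252
    next
end
config system sdwan
    set status enable
    config members
        edit 1
            set interface "port1"
            set gateway 203.0.113.9
        next
    end
end

# After: the ISP assigns address and gateway over DHCP, so the member
# definition holds no unit-specific next hop that sync could overwrite.
config system interface
    edit "port1"
        set mode dhcp
        set defaultgw enable
    next
end
config system sdwan
    set status enable
    config members
        edit 1
            set interface "port1"
        next
    end
end
```

This only helps if the carrier will actually hand out the address and gateway dynamically on both lines; confirm the learned default route on each unit with `get router info routing-table all` after the change.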