7.2.0

Configuring SD-WAN rules on a spoke FortiGate

On each spoke, the Fabric Overlay Orchestrator automatically creates a performance SLA that corresponds to the hub FortiGate. An SD-WAN rule must be configured on the spoke FortiGates to direct traffic to the hub FortiGate using this performance SLA.

To configure SD-WAN rules on a spoke FortiGate:
  1. Go to Network > SD-WAN, select the SD-WAN Rules tab, and click Create New.

  2. Enter a name (such as LAN-to-HUB).

  3. In the Source section, set the Address to the local subnet of the spoke.

  4. Configure the following in the Destination section:

    1. Set the Address to the local subnet of the hub. If an address object does not exist yet, click Create in the slide-out pane and configure the address.

    2. Set the Protocol number as needed (default = ANY).

  5. Configure the following in the Outgoing Interfaces section:

    1. Set the Interface selection strategy to Lowest cost (SLA).

    2. Set the Interface preference to the SD-WAN members.

    3. Set Required SLA target to the corresponding performance SLA created by the Fabric Overlay Orchestrator, which is named FABRIC_VPN_HUB#1 by default.

  6. Click OK.

Note

If you need to disable the Fabric Overlay Orchestrator on a spoke FortiGate by setting the Status to Disabled, you must first delete any SD-WAN rules on the spoke FortiGate created using this procedure to ensure the added configuration does not block the clean-up process.
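A pre-check for the clean-up described in the note, as an added example (not Fortinet's code): it parses a saved spoke configuration and lists the SD-WAN rules whose SLA target is the orchestrator's performance SLA, so they can be deleted before the Status is set to Disabled. It assumes the text comes from `show system sdwan` with the usual config/edit/set/next/end nesting and rules under `config service`; the sample and all object names other than FABRIC_VPN_HUB#1 and LAN-to-HUB are constructed.

```python
import shlex

# Constructed sample shaped like `show system sdwan` output on a spoke.
# Names other than FABRIC_VPN_HUB#1 and LAN-to-HUB are made up.
SAMPLE = '''
config system sdwan
    config service
        edit 1
            set name "LAN-to-HUB"
            set mode sla
            set dst "hub_lan"
            set src "spoke_lan"
            config sla
                edit "FABRIC_VPN_HUB#1"
                    set id 1
                next
            end
            set priority-members 1
        next
        edit 2
            set name "Internet"
            set dst "all"
        next
    end
end
'''

def rules_using_sla(config_text, sla_name="FABRIC_VPN_HUB#1"):
    """Return (rule id, rule name) for SD-WAN rules whose SLA target is sla_name."""
    stack, names, hits = [], {}, []
    for raw in config_text.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
            # Match only: config service > edit <rule> > config sla > edit <sla_name>
            if (stack[-4:-3] == [("config", "service")]
                    and stack[-2] == ("config", "sla")
                    and stack[-1] == ("edit", sla_name)):
                hits.append(stack[-3][1])
        elif tok[0] in ("next", "end"):
            if stack:
                stack.pop()  # "next" closes an edit, "end" closes a config
        elif (tok[:2] == ["set", "name"] and len(tok) > 2
              and stack[-2:-1] == [("config", "service")]):
            names[stack[-1][1]] = tok[2]  # name of the rule being edited
    return [(rule_id, names.get(rule_id, "")) for rule_id in hits]
```

An empty result means no rule still references that SLA; the SLA's own definition under `config health-check` is not reported as a rule.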
