7.2.0

Verify firewall policies on the hub

Different policies are created on the hub FortiGate based on the Policy creation setting in the Fabric Overlay Orchestrator configuration (Automatic, Health check, or Manual).

Automatic

Go to Policy & Objects > Firewall Policy to verify that wildcard firewall policies have been configured on the hub FortiGate. This Fabric Overlay Orchestrator configuration example uses automatic policy creation, and the following firewall policies are configured:

Note

The Automatic policy creation option creates wildcard allow policies for the tunnel overlays. In some cases, these policies do not provide the granularity needed to restrict overlay traffic to specific subnets or hosts.

Health check

Go to Policy & Objects > Firewall Policy to verify that a single firewall policy allowing health check traffic to the hub’s loopback has been configured on the hub FortiGate. For example:

Manual

Go to Policy & Objects > Firewall Policy to verify that no firewall policies have been created by the Fabric Overlay Orchestrator. If traffic to the loopback interface for health checks and to the overlays is to be allowed, the corresponding firewall policies must be configured manually on the hub FortiGate.
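The checks above are done in the GUI, but the same verification can be scripted against the hub's `show firewall policy` CLI output. The following script is an added example and is not Fortinet code or part of the Fabric Overlay Orchestrator: it parses a constructed sample of `config firewall policy` output (the policy, interface and address names such as `overlay-spoke1`, `Lo-HC` and `Lo-HC-addr` are placeholders, not names the orchestrator generates), lists the wildcard allow policies between overlay interfaces that the Note warns may be too broad, and confirms that an accept policy to the health-check loopback interface exists. The parser handles only the `edit` / `set` / `next` subset of the CLI syntax shown in the sample.

```python
import re
from typing import Any, Dict, List

# Constructed sample in the shape of FortiOS "show firewall policy" output.
# Policy, interface and address names are placeholders, not names that the
# Fabric Overlay Orchestrator actually generates.
SAMPLE_POLICY_CONFIG = """\
config firewall policy
    edit 1
        set name "HC-to-loopback"
        set srcintf "overlay-spoke1" "overlay-spoke2"
        set dstintf "Lo-HC"
        set action accept
        set srcaddr "all"
        set dstaddr "Lo-HC-addr"
        set schedule "always"
        set service "PING"
    next
    edit 2
        set name "overlay-to-overlay"
        set srcintf "overlay-spoke1" "overlay-spoke2"
        set dstintf "overlay-spoke1" "overlay-spoke2"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
    next
    edit 3
        set name "lan-to-overlay"
        set srcintf "port2"
        set dstintf "overlay-spoke1"
        set action accept
        set srcaddr "LAN-subnet"
        set dstaddr "Branch-subnets"
        set schedule "always"
        set service "HTTPS" "SSH"
    next
end
"""

Policy = Dict[str, Any]


def _values(rest: str) -> List[str]:
    """Split the value part of a 'set' line into its items (quoted or bare)."""
    quoted = re.findall(r'"([^"]*)"', rest)
    return quoted if quoted else rest.split()


def parse_policies(text: str) -> List[Policy]:
    """Parse 'edit N ... next' blocks into dicts keyed by their 'set' attributes."""
    policies: List[Policy] = []
    current: Policy = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"edit\s+(\d+)$", line)
        if m:
            current = {"id": int(m.group(1))}
        elif line.startswith("set "):
            key, _, rest = line[4:].partition(" ")
            current[key] = _values(rest)
        elif line == "next" and current:
            policies.append(current)
            current = {}
    return policies


def is_wildcard_allow(policy: Policy) -> bool:
    """True when the policy accepts any source, any destination and any service."""
    return (
        policy.get("action") == ["accept"]
        and policy.get("srcaddr") == ["all"]
        and policy.get("dstaddr") == ["all"]
        and policy.get("service") == ["ALL"]
    )


def wildcard_overlay_policy_ids(policies: List[Policy], overlay_prefix: str) -> List[int]:
    """IDs of wildcard allow policies whose interfaces are all overlay tunnels.

    These are the policies to review when overlay traffic should be limited to
    specific subnets or hosts rather than allowed wholesale.
    """
    ids: List[int] = []
    for p in policies:
        intfs = list(p.get("srcintf", [])) + list(p.get("dstintf", []))
        if intfs and all(i.startswith(overlay_prefix) for i in intfs) and is_wildcard_allow(p):
            ids.append(p["id"])
    return ids


def has_health_check_policy(policies: List[Policy], loopback_intf: str) -> bool:
    """True if some accept policy delivers traffic to the health-check loopback."""
    return any(
        p.get("action") == ["accept"] and loopback_intf in p.get("dstintf", [])
        for p in policies
    )


if __name__ == "__main__":
    pols = parse_policies(SAMPLE_POLICY_CONFIG)
    print("wildcard overlay policies to review:", wildcard_overlay_policy_ids(pols, "overlay-"))
    print("health-check loopback policy present:", has_health_check_policy(pols, "Lo-HC"))
```

On a real hub, replace the constructed sample with the captured output of `show firewall policy` and pass the actual overlay interface prefix and loopback interface name; with the Automatic setting the wildcard list is expected to be non-empty, with Health check only the loopback policy should be present, and with Manual both results reflect whatever was configured by hand.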
