Solution overview
This solution uses the FortiOS Fabric Overlay Orchestrator to configure an SD-WAN overlay with the FortiGates in an existing Security Fabric. The Fabric Overlay Orchestrator uses the FortiGate's role in the Security Fabric to automatically determine the FortiGate's role in the SD-WAN overlay. The root FortiGate in the Security Fabric takes the role of the hub, and downstream first-level FortiGates take the roles of spokes.
When configuring the root and downstream FortiGates, the Fabric Overlay Orchestrator configures the following settings in the background:
- IPsec overlay configuration (hub-and-spoke ADVPN tunnels)
- BGP configuration
- Policy routing
- SD-WAN zone
- SD-WAN performance SLAs
- Firewall addresses
- Firewall policies (optional)
After using the Fabric Overlay Orchestrator to configure the Fabric Overlay, you can complete the SD-WAN deployment by configuring SD-WAN rules.
In summary, this document describes how to:
- Use the Fabric Overlay Orchestrator to configure the overlay between the hub and spoke FortiGates as well as generate firewall policies.
- Configure SD-WAN rules to use the performance SLAs created by Fabric Overlay Orchestrator.