Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiManager 7.0.0 New Features
    7.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.7
    6.2.3
    6.2.2
    6.2.1
    6.2.0

    New SD-WAN template

    New SD-WAN template

    With the new SD-WAN template, you can use Device VDOM meta fields in the member interface/ interface gateway, neighbor IP, and health-check server definitions.

    In addition, how you enable and configure SD-WAN per-device management and central management has changed. You now use the following methods to enable and configure each:

    • For per-device management, use the device database to configure SD-WAN settings on each device.
    • For central management, use SD-WAN templates to configure SD-WAN settings on one or more devices. SD-WAN templates have moved in Device Manager to Provisioning Templates.

      When you assign an SD-WAN template to a device, you have enabled SD-WAN central management for the device.

      Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.

    When using SD-WAN templates with other types of provisioning templates, such as interface templates and IPsec templates, you should execute the templates in the following order:

    • Interface template
    • IPsec template
    • SD-WAN template

    This topic contains the following sections:

    SD-WAN per-device management

    For SD-WAN per-device management, you can create, edit, and delete interface members, performance SLA, SD-WAN rules, Neighbor, and duplication. After configuring SD-WAN settings, install the configuration to the device.

    To access SD-WAN per-device management:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Open the device database for the device:
      1. Go to Device Manager > Device & Groups.
      2. From the toolbar, select Table View.
      3. In the tree menu, select a device group.

        The devices in the group are displayed in the content pane.

      4. In the content pane, double-click a device.

        Alternately, select a device, and select Configuration from the More menu.

        The device database is displayed in the content pane.

    3. In the toolbar, click the System menu, and select SD-WAN.

      The SD-WAN pane opens.

    4. Configure the following sections for the device, and click Apply:
      • Interface Members
      • Performance SLA
      • SD-WAN Rules
      • Neighbor
      • Duplication
    5. Install the configuration to the device.

    SD-WAN central management

    For SD-WAN central management, you can create an SD-WAN template, and assign the template to one or more devices.

    Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.

    Create performance SLA and SD-WAN rules. You can also configure BGP neighbors and packet duplication. Advanced configuration options are also available.

    After configuring an SD-WAN template, assign the template to one or more devices, and then install the configuration to the devices.

    To access SD-WAN central management:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

      The SD-WAN templates are displayed.

    3. Click Create New, and select Template.

      The SD-WAN Template pane is displayed.

    4. In the Interface Members section, create one or more zones:
      1. Click Create New > SD-WAN Zone.

        The Create New SD-WAN Zone dialog box is displayed.

      2. In the Name box, type a name for the zone.
      3. Beside Interface Members, click the box to select interface members.

      4. Click OK.

        The SD-WAN zone is created.

    5. In the Interface Members section, create SD-WAN interface members:
      1. Click Create New > SD-WAN Member.

        The Create New SD-WAN Interface Member dialog box is displayed.

      2. In the Interface Members box, type the name of the interface.

        Bind the interfaces by name to physical or VPN interfaces.

      3. Click OK.

        The SD-WAN interface member is created.

    6. Create Performance SLA:
      1. In the Performance SLA section, click Create New.

        The Performance SLA dialog box is displayed.

      2. Complete the options, and click OK.

        The Performance SLA settings are saved.

    7. Create SD-WAN rules.
      1. In the SD-WAN Rules section, click Create New.

        The SD-WAN Rule dialog box is displayed.

      2. Complete the options, and click OK.

        The SD-WAN rules are saved.

    8. Configure BGP neighbors.
      1. In the Neighbor section, click Create New.

        The Neighbor dialog box is displayed.

      2. Complete the options, and click OK.

        The neighbor settings are saved.

    9. Configure packet duplication.
      1. In the Duplication section, click Create New.

        The Duplication dialog box is displayed.

      2. Complete the options, and click OK.

        The packet duplication settings are saved.

    10. Click OK.

      The SD-WAN template is saved.

    11. Assign the SD-WAN template to one or more devices.
      1. Select the SD-WAN template, and click Assign to Device.

        The Assign to Device dialog box is displayed.

      2. In the Available Entries list, select the device, and click the right arrow to move the device to the Selected Entries list, and click OK.

        The SD-WAN template is assigned to the device.

    12. Go to Device Manager > Device & Groups, and view the assigned provisioning templates in the Template Status column.

    13. Click Install Wizard to install the device settings.

      You can preview the settings.

    SD-WAN template support for meta fields

    SD-WAN templates support Device VDOM meta fields. You can use meta fields in SD-WAN templates for the following options:

    • SD-WAN interface member
      • Interface member option
      • Gateway IP option
    • Neighbor
      • IP option
    • Performance SLA
      • Health-Check Server option
    To create meta fields:
    1. Go to System Settings > Advanced > Meta Fields.
    2. Click Create New.

      The Create New Meta Fields pane is displayed.

    3. In the Object box, select Device VDOM.

    4. In the Name box, type a name for the meta field.

      The name of the field becomes the variable name that you can use in SD-WAN templates.

    5. In the Values area, click Create New to define a value for one or more devices.
    6. Click OK.

      The meta field is created.

    In the following SD-WAN template example, meta fields are used for the following interface member options: Interface Member and Gateway IP:

    In the following SD-WAN template example, a meta field is used for the Health-Check Server option in Performance SLA:

    In the following SD-WAN template example, a meta field is used for the IP option in Neighbor:

    Previous
    Next

    New SD-WAN template

    New SD-WAN template

    With the new SD-WAN template, you can use Device VDOM meta fields in the member interface/ interface gateway, neighbor IP, and health-check server definitions.

    In addition, how you enable and configure SD-WAN per-device management and central management has changed. You now use the following methods to enable and configure each:

    • For per-device management, use the device database to configure SD-WAN settings on each device.
    • For central management, use SD-WAN templates to configure SD-WAN settings on one or more devices. SD-WAN templates have moved in Device Manager to Provisioning Templates.

      When you assign an SD-WAN template to a device, you have enabled SD-WAN central management for the device.

      Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.

    When using SD-WAN templates with other types of provisioning templates, such as interface templates and IPsec templates, you should execute the templates in the following order:

    • Interface template
    • IPsec template
    • SD-WAN template

    This topic contains the following sections:

    SD-WAN per-device management

    For SD-WAN per-device management, you can create, edit, and delete interface members, performance SLA, SD-WAN rules, Neighbor, and duplication. After configuring SD-WAN settings, install the configuration to the device.

    To access SD-WAN per-device management:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Open the device database for the device:
      1. Go to Device Manager > Device & Groups.
      2. From the toolbar, select Table View.
      3. In the tree menu, select a device group.

        The devices in the group are displayed in the content pane.

      4. In the content pane, double-click a device.

        Alternately, select a device, and select Configuration from the More menu.

        The device database is displayed in the content pane.

    3. In the toolbar, click the System menu, and select SD-WAN.

      The SD-WAN pane opens.

    4. Configure the following sections for the device, and click Apply:
      • Interface Members
      • Performance SLA
      • SD-WAN Rules
      • Neighbor
      • Duplication
    5. Install the configuration to the device.

    SD-WAN central management

    For SD-WAN central management, you can create an SD-WAN template, and assign the template to one or more devices.

    Normalized interfaces are not supported for SD-WAN templates. You can create multiple SD-WAN zones and add interface members to the SD-WAN zones. You must bind the interface members by name to physical interfaces or VPN interfaces.

    Create performance SLA and SD-WAN rules. You can also configure BGP neighbors and packet duplication. Advanced configuration options are also available.

    After configuring an SD-WAN template, assign the template to one or more devices, and then install the configuration to the devices.

    To access SD-WAN central management:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

      The SD-WAN templates are displayed.

    3. Click Create New, and select Template.

      The SD-WAN Template pane is displayed.

    4. In the Interface Members section, create one or more zones:
      1. Click Create New > SD-WAN Zone.

        The Create New SD-WAN Zone dialog box is displayed.

      2. In the Name box, type a name for the zone.
      3. Beside Interface Members, click the box to select interface members.

      4. Click OK.

        The SD-WAN zone is created.

    5. In the Interface Members section, create SD-WAN interface members:
      1. Click Create New > SD-WAN Member.

        The Create New SD-WAN Interface Member dialog box is displayed.

      2. In the Interface Members box, type the name of the interface.

        Bind the interfaces by name to physical or VPN interfaces.

      3. Click OK.

        The SD-WAN interface member is created.

    6. Create Performance SLA:
      1. In the Performance SLA section, click Create New.

        The Performance SLA dialog box is displayed.

      2. Complete the options, and click OK.

        The Performance SLA settings are saved.

    7. Create SD-WAN rules.
      1. In the SD-WAN Rules section, click Create New.

        The SD-WAN Rule dialog box is displayed.

      2. Complete the options, and click OK.

        The SD-WAN rules are saved.

    8. Configure BGP neighbors.
      1. In the Neighbor section, click Create New.

        The Neighbor dialog box is displayed.

      2. Complete the options, and click OK.

        The neighbor settings are saved.

    9. Configure packet duplication.
      1. In the Duplication section, click Create New.

        The Duplication dialog box is displayed.

      2. Complete the options, and click OK.

        The packet duplication settings are saved.

    10. Click OK.

      The SD-WAN template is saved.

    11. Assign the SD-WAN template to one or more devices.
      1. Select the SD-WAN template, and click Assign to Device.

        The Assign to Device dialog box is displayed.

      2. In the Available Entries list, select the device, and click the right arrow to move the device to the Selected Entries list, and click OK.

        The SD-WAN template is assigned to the device.

    12. Go to Device Manager > Device & Groups, and view the assigned provisioning templates in the Template Status column.

    13. Click Install Wizard to install the device settings.

      You can preview the settings.

    SD-WAN template support for meta fields

    SD-WAN templates support Device VDOM meta fields. You can use meta fields in SD-WAN templates for the following options:

    • SD-WAN interface member
      • Interface member option
      • Gateway IP option
    • Neighbor
      • IP option
    • Performance SLA
      • Health-Check Server option
    To create meta fields:
    1. Go to System Settings > Advanced > Meta Fields.
    2. Click Create New.

      The Create New Meta Fields pane is displayed.

    3. In the Object box, select Device VDOM.

    4. In the Name box, type a name for the meta field.

      The name of the field becomes the variable name that you can use in SD-WAN templates.

    5. In the Values area, click Create New to define a value for one or more devices.
    6. Click OK.

      The meta field is created.

    In the following SD-WAN template example, meta fields are used for the following interface member options: Interface Member and Gateway IP:

    In the following SD-WAN template example, a meta field is used for the Health-Check Server option in Performance SLA:

    In the following SD-WAN template example, a meta field is used for the IP option in Neighbor:

    Previous
    Next