Fortinet black logo

SD-WAN Orchestrator 7.0.0.r1 Administration Guide

Home FortiManager 7.0.0 SD-WAN Orchestrator 7.0.0.r1 Administration Guide

Creating ISP links

7.0.0
7.0.0
Copy Link
Copy Doc ID 11338d8b-a934-11eb-b70b-00505692583a:351757
Download PDF

Creating ISP links

To create ISP links:
  1. Go to Configuration > Shared Resources > Network > ISP Link.
  2. In the toolbar, click +Create New.

    A dialog box is displayed.

  3. Configure the settings, and click OK.

    Option Description
    Name Enter a name for the ISP link.
    Type

    From the dropdown, select one of the following options:

    • Internet: An Internet ISP link with a public IP can both initiate or respond IPsec negotiation with peer devices.
    • MPLS: If a WAN port is set as MPLS link type with Private Wire on, it can only establish IPsec tunnels with other devices’ WAN ports that are also configured as MPLS.
    • LTE: Usually used when local WAN port is behind NAT or without a public IP address. If a WAN port is set as LTE, it can only be IPSec initiator but not responder.
    Cost

    From the dropdown, select Low, Medium, or High.

    • High sets cost to 3.
    • Medium sets cost to 2.
    • Low sets cost to 1.

    For example, if the Load Policy is LOW_COST, FortiGates usually choose links with lower cost first. As a result, the interface with the lowest assigned cost of 1 is selected.
    Public IP Toggle On if the IP is public.
Previous
Next

Creating ISP links

To create ISP links:
  1. Go to Configuration > Shared Resources > Network > ISP Link.
  2. In the toolbar, click +Create New.

    A dialog box is displayed.

  3. Configure the settings, and click OK.

    Option Description
    Name Enter a name for the ISP link.
    Type

    From the dropdown, select one of the following options:

    • Internet: An Internet ISP link with a public IP can both initiate or respond IPsec negotiation with peer devices.
    • MPLS: If a WAN port is set as MPLS link type with Private Wire on, it can only establish IPsec tunnels with other devices’ WAN ports that are also configured as MPLS.
    • LTE: Usually used when local WAN port is behind NAT or without a public IP address. If a WAN port is set as LTE, it can only be IPSec initiator but not responder.
    Cost

    From the dropdown, select Low, Medium, or High.

    • High sets cost to 3.
    • Medium sets cost to 2.
    • Low sets cost to 1.

    For example, if the Load Policy is LOW_COST, FortiGates usually choose links with lower cost first. As a result, the interface with the lowest assigned cost of 1 is selected.
    Public IP Toggle On if the IP is public.
Previous
Next