Fortinet black logo

SD-WAN Orchestrator 7.0.0.r2 Release Notes

Home FortiManager 7.0.0 SD-WAN Orchestrator 7.0.0.r2 Release Notes

What’s new

7.0.0
7.0.0
Copy Link
Copy Doc ID 3eb563f8-cacd-11eb-97f7-00505692583a:226277
Download PDF

What’s new

This section identifies new features and enhancements available with SD-WAN Orchestrator MEA 7.0.0.r2.

For information about what's new in FortiManager 7.0, see the FortiManager 7.0 New Features Guide.

Support for full-mesh tunnel links

Support for establishing full-mesh overlay links on WAN ports between hub devices and edge devices in the same region.

When creating a profile for hub or edge devices, select the DIAL_UP_FULL_MESH option from the VPN Mode with Edge list.

Support to send configuration scripts

A new Sync to FortiManager option lets you send configuration scripts from SD-WAN Orchestrator MEA to FortiManager for additional configuration before installation on FortiGate devices. After the configuration scripts are synchronized to FortiManager, the status of the device in SD-WAN Orchestrator MEA changes to Synchronized_to_FortiManager.

After FortiManager receives the scripts, the admin can use FortiManager to add additional configuration information, and then install the configuration changes to FortiGate devices. SD-WAN Orchestrator MEA periodically polls FortiGate devices for configuration information.

After changes from FortiManager are successfully installed on FortiGate devices, the status of the devices in SD-WAN Orchestrator MEA changes to Synchronized.

This new feature is also useful for a zero-touch provisioning (ZTP) workflow. You can use both SD-WAN Orchestrator MEA and FortiManager to provide configuration information, and the configuration is installed to FortiGate devices when they are online.

Better management of FortiGate objects and attributes

SD-WAN Orchestrator MEA can create and manage some, but not all FortiGate objects and attributes. If SD-WAN Orchestrator MEA manages an attribute and the admin changes the attribute by using FortiManager or FortiGate, the attribute is recovered to the default value assigned by SD-WAN Orchestrator MEA. However if an attribute is not managed by SD-WAN Orchestrator MEA, an admin can change it by using FortiManager or FortiGate as needed for special cases.

For more information about the objects and attributes managed by SD-WAN Orchestrator MEA, see the SD-WAN Orchestrator MEA 7.0.0.r2 Administration Guide.

Support for hardware switches

A hardware switch is a virtual switch interface that groups different ports together so that the FortiGate can use the group as a single interface. Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level.

SD-WAN Orchestrator MEA supports the following FortiGate platforms that support hardware switches:

  • FortiGate 60E/61E series
  • FortiGate 80E/81E series
  • FortiGate 90E/91E series
  • FortiGate 100E(F)/101E series
  • FortiGate 140E series
  • FortiGate 40F series
  • FortiGate 60F/61F series
  • FortiGate 80F/81F series
  • FortiGate 100F/101F series

When you create a profile or set device settings for supported FortiGate hardware models, you can configure a hardware switch. In the Network > Interface > LAN section, create new and select HARD_SWITCH from the Port Type list. The Name, Port Type, IP Pool, Subnet mask length, and Interface members options are required.

Support for software switches

A software switch is a virtual switch that is implemented at the software or firmware level and not at the hardware level.

When you create a profile or set device settings for FGT-VM or FortiGate hardware models, you can configure a software switch. In the Network > Interface > LAN section, create new and select SOFT_SWITCH from the Port Type list. The Name, Port Type, IP Pool, Subnet mask length, and Interface members options are required.

Support for virtual wire pairs

A virtual wire pair consists of two interfaces that do not have IP addressing and are treated like a transparent-mode VDOM.

When you create a profile or set device settings for FGT-VM or FortiGate hardware models, you can configure virtual wire pairs. In the Network > Virtual Wire Pair section, create new and set the options. The Name and Interface Members options are required.

A virtual wire pair must have exactly 2 interface members.

Note

For a newly created virtual wire pair, remember to configure a virtual wire pair policy in FortiManager.

Other improvements

  • IPsec tunnel names

    The IPsec tunnel name for edge devices has been changed for easier debugging.

  • WAN port options

    Interface Status has been added to the WAN port options. When a physical WAN port is set to Disabled and Interface Status is UP and Mode is Static, the underlay and overlay links will not be initiated on the WAN port. However, underlay and overlay links can be established on the VLAN ports based on this physical WAN port.

Previous
Next

What’s new

This section identifies new features and enhancements available with SD-WAN Orchestrator MEA 7.0.0.r2.

For information about what's new in FortiManager 7.0, see the FortiManager 7.0 New Features Guide.

Support for full-mesh tunnel links

Support for establishing full-mesh overlay links on WAN ports between hub devices and edge devices in the same region.

When creating a profile for hub or edge devices, select the DIAL_UP_FULL_MESH option from the VPN Mode with Edge list.

Support to send configuration scripts

A new Sync to FortiManager option lets you send configuration scripts from SD-WAN Orchestrator MEA to FortiManager for additional configuration before installation on FortiGate devices. After the configuration scripts are synchronized to FortiManager, the status of the device in SD-WAN Orchestrator MEA changes to Synchronized_to_FortiManager.

After FortiManager receives the scripts, the admin can use FortiManager to add additional configuration information, and then install the configuration changes to FortiGate devices. SD-WAN Orchestrator MEA periodically polls FortiGate devices for configuration information.

After changes from FortiManager are successfully installed on FortiGate devices, the status of the devices in SD-WAN Orchestrator MEA changes to Synchronized.

This new feature is also useful for a zero-touch provisioning (ZTP) workflow. You can use both SD-WAN Orchestrator MEA and FortiManager to provide configuration information, and the configuration is installed to FortiGate devices when they are online.

Better management of FortiGate objects and attributes

SD-WAN Orchestrator MEA can create and manage some, but not all FortiGate objects and attributes. If SD-WAN Orchestrator MEA manages an attribute and the admin changes the attribute by using FortiManager or FortiGate, the attribute is recovered to the default value assigned by SD-WAN Orchestrator MEA. However if an attribute is not managed by SD-WAN Orchestrator MEA, an admin can change it by using FortiManager or FortiGate as needed for special cases.

For more information about the objects and attributes managed by SD-WAN Orchestrator MEA, see the SD-WAN Orchestrator MEA 7.0.0.r2 Administration Guide.

Support for hardware switches

A hardware switch is a virtual switch interface that groups different ports together so that the FortiGate can use the group as a single interface. Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level.

SD-WAN Orchestrator MEA supports the following FortiGate platforms that support hardware switches:

  • FortiGate 60E/61E series
  • FortiGate 80E/81E series
  • FortiGate 90E/91E series
  • FortiGate 100E(F)/101E series
  • FortiGate 140E series
  • FortiGate 40F series
  • FortiGate 60F/61F series
  • FortiGate 80F/81F series
  • FortiGate 100F/101F series

When you create a profile or set device settings for supported FortiGate hardware models, you can configure a hardware switch. In the Network > Interface > LAN section, create new and select HARD_SWITCH from the Port Type list. The Name, Port Type, IP Pool, Subnet mask length, and Interface members options are required.

Support for software switches

A software switch is a virtual switch that is implemented at the software or firmware level and not at the hardware level.

When you create a profile or set device settings for FGT-VM or FortiGate hardware models, you can configure a software switch. In the Network > Interface > LAN section, create new and select SOFT_SWITCH from the Port Type list. The Name, Port Type, IP Pool, Subnet mask length, and Interface members options are required.

Support for virtual wire pairs

A virtual wire pair consists of two interfaces that do not have IP addressing and are treated like a transparent-mode VDOM.

When you create a profile or set device settings for FGT-VM or FortiGate hardware models, you can configure virtual wire pairs. In the Network > Virtual Wire Pair section, create new and set the options. The Name and Interface Members options are required.

A virtual wire pair must have exactly 2 interface members.

Note

For a newly created virtual wire pair, remember to configure a virtual wire pair policy in FortiManager.

Other improvements

  • IPsec tunnel names

    The IPsec tunnel name for edge devices has been changed for easier debugging.

  • WAN port options

    Interface Status has been added to the WAN port options. When a physical WAN port is set to Disabled and Interface Status is UP and Mode is Static, the underlay and overlay links will not be initiated on the WAN port. However, underlay and overlay links can be established on the VLAN ports based on this physical WAN port.

Previous
Next