7.2.0

ADVPN

Auto-Discovery VPN (ADVPN) is used to dynamically build overlay tunnels between devices in an SD-WAN region. The SD-WAN hub is the ADVPN sender: it provides branch devices with the details they need to establish their own tunnels as necessary.

The following steps summarize how to enable ADVPN:

  1. Enable ADVPN. See Enabling ADVPN.
  2. Edit the branch template to add Branch_NET as a destination address. See Editing branch templates.
  3. Make policy routes visible in the GUI for HUB1. See Display policy routes.

Enabling ADVPN

Edit an SD-WAN overlay template to enable ADVPN, which automatically adds the required settings to the IPsec template and the BGP template.

To enable ADVPN:
  1. Go to Device Manager > Provisioning templates > SD-WAN Overlay Template, and double-click the ACME SD-WAN Overlay template to open it for editing.
  2. Expand the Advanced menu, and enable the Auto-Discovery VPN toggle.
  3. Click Next five (5) times to complete the wizard.

    The required settings are added to the IPsec template and BGP template.
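
One way to confirm, after the template is installed, that every overlay tunnel on the hub actually carries the ADVPN sender setting (an added example, not Fortinet tooling or part of the original guide). It assumes the FortiOS CLI keyword `auto-discovery-sender` under `config vpn ipsec phase1-interface`; the tunnel names and the configuration excerpt are constructed for illustration.

```python
# Constructed excerpt of a hub configuration export (tunnel names are hypothetical).
SAMPLE_HUB_CONFIG = '''
config vpn ipsec phase1-interface
    edit "HUB1_OL1"
        set type dynamic
        set interface "port1"
        set auto-discovery-sender enable
    next
    edit "HUB1_OL2"
        set type dynamic
        set interface "port2"
    next
end
config router bgp
    set as 65000
end
'''

def phase1_settings(config_text):
    """Return {tunnel_name: {setting: value}} for each phase1-interface entry."""
    tunnels, depth, in_section, current = {}, 0, False, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if tokens[0] == "config":
            depth += 1
            if depth == 1:  # only top-level sections are of interest
                in_section = tokens[1:] == ["vpn", "ipsec", "phase1-interface"]
        elif tokens[0] == "end":
            depth -= 1
            if depth == 0:
                in_section = False
        elif in_section and depth == 1:
            if tokens[0] == "edit":
                current = tunnels.setdefault(tokens[1].strip('"'), {})
            elif tokens[0] == "next":
                current = None
            elif tokens[0] == "set" and current is not None:
                current[tokens[1]] = " ".join(tokens[2:]).strip('"')
    return tunnels

def tunnels_missing_sender(config_text):
    """Hub tunnels where ADVPN sender mode is absent (treated as disabled)."""
    return sorted(name for name, s in phase1_settings(config_text).items()
                  if s.get("auto-discovery-sender") != "enable")

if __name__ == "__main__":
    print(tunnels_missing_sender(SAMPLE_HUB_CONFIG))
```

A tunnel listed by `tunnels_missing_sender` was not updated by the template install and will not hand shortcut details to branches.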

Editing branch templates

Edit the branch template to add Branch_NET as a destination address.

To edit the branches template:
  1. Go to SD-WAN Templates, and double-click the branches template to open it for editing.
  2. In the SD-WAN Rules section, double-click the Corporate_Traffic rule to open it for editing.
  3. Under Destination, add Branch_NET as a destination address (in addition to the Datacenter LAN1 subnet), and click OK to save the template.

Display policy routes

Change the display options for HUB1 to make policy routes visible in the GUI.

To display policy routes:
  1. In the tree menu under Managed FortiGates, select HUB1.
  2. In the second-from-left pane, click Display Options. The Display Options dialog box is displayed.
  3. Enable Router > Policy Route, and click OK.
