Auto-Discovery VPN (ADVPN) is used to dynamically build overlay tunnels between devices in an SD-WAN region. The SD-WAN hub is the ADVPN sender: it provides branch devices with the details they need to establish their own tunnels as necessary.
The following is a summary of how to enable ADVPN:
- Enable ADVPN. See Enabling ADVPN.
- Edit the branch template to add Branch_NET as a destination address. See Editing branch templates.
- Make policy routes visible in the GUI for HUB1. See Display policy routes.
Edit an SD-WAN overlay template to enable ADVPN, which automatically adds the required settings to the IPsec template and the BGP template.
- Go to Device Manager > Provisioning templates > SD-WAN Overlay Template, and double-click the ACME SD-WAN Overlay template to open it for editing.
- Expand the Advanced menu, and enable the Auto-Discovery VPN toggle.
- Click Next five (5) times to complete the wizard.
The required settings are added to the IPsec template and BGP template.
Edit the branch template to add Branch_NET as a destination address.
- Go to SD-WAN Templates, and double-click the branches template to open it for editing.
- In the SD-WAN Rules section, double-click the Corporate_Traffic rule to open it for editing.
- Under Destination, add Branch_NET as a destination address (in addition to the Datacenter LAN1 subnet), and click OK to save the template.
Change the display options for HUB1 to make policy routes visible in the GUI.
- In the tree menu under Managed FortiGates, select HUB1.
- In the second-from-left pane, click Display Options. The Display Options dialog box is displayed.
- Enable Router > Policy Route, and click OK.