Fortinet black logo

Creating an overlay template

7.2.0
Copy Link
Copy Doc ID 1a45e9c2-cd7a-11ec-bb32-fa163e15d75b:753881
Download PDF

Creating an overlay template

This section describes how to use the SD-WAN overlay template to configure the overlay network.

Tooltip

The SD-WAN overlay provisioning template supports metafields for each input box that displays a magnifying glass.

For more information, see the FortiManager 7.2 Administration Guide.

To create an overlay template:
  1. In FortiManager, go to Device Manager > Provisioning Templates > SD-WAN Overlay Templates.
  2. Click Create New. The Create New SD-WAN Overlay Template dialog box is displayed.

  3. Enter a name and description for the template, and click OK. The Region Settings pane is displayed.

  4. Set the region settings:
    1. Select Single Hub.
    2. Expand Advanced, and modify the default IP address scheme for loopback and overlay networks, BGP-AS number, and to enable AD-VPN as desired.

    3. Click Next.The Role Assignment pane is displayed.
  5. Set the role assignment:
    1. Set Standalone HUB to HUB1.
    2. Set Device Group Assignment to Branches.

    3. Click Next. The Network Configuration pane is displayed.
  6. Set the network configuration for the HUB:
    1. Under Standalone HUB, set WAN Underlay 1 to port1.
    2. Set WAN Underlay 2 to port2.
    3. Expand Advanced.

    4. Click Create New. The Create New Neighbor pane is displayed.
    5. Set Neighbor IP to 172.16.1.1.
    6. Set Remote AS to 65100.
    7. Click OK. The BGP neighbor is created.
    8. Note

      A neighbor is configured for the HUB to learn the route to the Corporate Datacenter LAN (192.168.1.0/24) over BGP. This is also why there is no need to specify a Network Advertisement. Routes learned from an eBGP peer are re-advertised to all iBGP and eBGP peers by default.

      Select Private Link if the port is on a private circuit, and you do not want to create an overlay network utilizing this link.

      Select Override IP if you want to manually input an IP address that remote branches will connect to. This is commonly used in public cloud providers where interfaces have private IP address or other NAT’d environments.

  7. Set the network configuration for the branch device group:
    1. Scroll down to Branch Device Group, and set WAN Underlay 1 to port1.
    2. Set WAN Underlay 2 to port2.
    3. Set Network Advertisement to Connected and port3.

      Note

      This interface will be advertised to the rest of the SD-WAN region. In this example, port3 is our LAN interface for each branch, and so will advertise the branch’s LAN subnet..

    4. Click Next. The SD-WAN Template Options pane is displayed.
  8. Set the SD-WAN template options:
    1. Enable Add Overlay Objects to SD-WAN Template.
    2. In the list, click Create New to create a new SD-WAN template named Branch_SDWAN.

      No configuration of the template is needed at this time.

    3. Enable Add Overlay Interfaces and Zones.
    4. Enable Add Healthcheck Servers for Each Hub as Performance SLA.

    5. Click Next.The Summary pane is displayed.
  9. Click Finish to save the template.

Creating an overlay template

This section describes how to use the SD-WAN overlay template to configure the overlay network.

Tooltip

The SD-WAN overlay provisioning template supports metafields for each input box that displays a magnifying glass.

For more information, see the FortiManager 7.2 Administration Guide.

To create an overlay template:
  1. In FortiManager, go to Device Manager > Provisioning Templates > SD-WAN Overlay Templates.
  2. Click Create New. The Create New SD-WAN Overlay Template dialog box is displayed.

  3. Enter a name and description for the template, and click OK. The Region Settings pane is displayed.

  4. Set the region settings:
    1. Select Single Hub.
    2. Expand Advanced, and modify the default IP address scheme for loopback and overlay networks, BGP-AS number, and to enable AD-VPN as desired.

    3. Click Next.The Role Assignment pane is displayed.
  5. Set the role assignment:
    1. Set Standalone HUB to HUB1.
    2. Set Device Group Assignment to Branches.

    3. Click Next. The Network Configuration pane is displayed.
  6. Set the network configuration for the HUB:
    1. Under Standalone HUB, set WAN Underlay 1 to port1.
    2. Set WAN Underlay 2 to port2.
    3. Expand Advanced.

    4. Click Create New. The Create New Neighbor pane is displayed.
    5. Set Neighbor IP to 172.16.1.1.
    6. Set Remote AS to 65100.
    7. Click OK. The BGP neighbor is created.
    8. Note

      A neighbor is configured for the HUB to learn the route to the Corporate Datacenter LAN (192.168.1.0/24) over BGP. This is also why there is no need to specify a Network Advertisement. Routes learned from an eBGP peer are re-advertised to all iBGP and eBGP peers by default.

      Select Private Link if the port is on a private circuit, and you do not want to create an overlay network utilizing this link.

      Select Override IP if you want to manually input an IP address that remote branches will connect to. This is commonly used in public cloud providers where interfaces have private IP address or other NAT’d environments.

  7. Set the network configuration for the branch device group:
    1. Scroll down to Branch Device Group, and set WAN Underlay 1 to port1.
    2. Set WAN Underlay 2 to port2.
    3. Set Network Advertisement to Connected and port3.

      Note

      This interface will be advertised to the rest of the SD-WAN region. In this example, port3 is our LAN interface for each branch, and so will advertise the branch’s LAN subnet..

    4. Click Next. The SD-WAN Template Options pane is displayed.
  8. Set the SD-WAN template options:
    1. Enable Add Overlay Objects to SD-WAN Template.
    2. In the list, click Create New to create a new SD-WAN template named Branch_SDWAN.

      No configuration of the template is needed at this time.

    3. Enable Add Overlay Interfaces and Zones.
    4. Enable Add Healthcheck Servers for Each Hub as Performance SLA.

    5. Click Next.The Summary pane is displayed.
  9. Click Finish to save the template.