7.2.0

Solution overview

This guide is separated into the following parts:

  1. In FortiManager, configure the overlay network using the SD-WAN Overlay Provisioning Template.

    One-to-one overlay mapping per underlay: in this design, each branch underlay terminates a new IPsec tunnel to one, and only one, gateway underlay. This is the most common overlay design and simplifies the configuration, but it provides less redundancy than a full mesh. Full mesh overlay mapping is generally not recommended for multi-datacenter deployments unless a specific use case requires it.

  2. Assign Meta fields to Branch devices.
  3. Configure SD-WAN rules for Corporate and Internet traffic.

    Direct Internet Access (DIA): used when local internet breakout at a branch location is required. This typically covers SaaS applications or websites on the internet that the branches access directly. SD-WAN applies intelligence to select the best WAN link for this access.

    Branch to Corporate LAN: Preference is given to the primary DC connections when accessing corporate resources. If the primary DC is unable to meet SLA requirements, the secondary DC is selected.

  4. Create a Policy Package for the Branches and Hub.
    • Branches
      1. Branch to DC
      2. Branch to internet
    • Hub
      1. Branch to DC
      2. SLA-healthcheck
  5. Deploy the configuration to the devices.

Basic policies are provided to facilitate communication. Additional features from the architecture guide, such as ADVPN and forward error correction, are covered in Extensions, and you can add them to the configuration later. If you plan to implement one of these features as part of your design, review the relevant section before you begin so that you can incorporate its steps inline.

FortiManager provides continued value post-deployment through SD-WAN monitoring, IPsec monitoring, and change management.
