Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    SD-WAN rules

    SD-WAN rules

    You can use SD-WAN templates to configure SD-WAN rules for one or more devices. When you assign SD-WAN templates to a device, you are using SD-WAN central management.

    If you want to use SD-WAN per-device management, do not assign SD-WAN templates to devices, and see Device DB - Network SD-WAN.

    SD-WAN templates help you do the following:

    • Deploy a single SD-WAN template from FortiManager across multiple FortiGate devices.

    • Perform a zero-touch deployment without manual configuration locally at the FortiGate devices.

    • Roll out a uniform SD-WAN configuration across your network.

    • Eliminate errors in SD-WAN configuration across multiple FortiGate devices since the SD-WAN template is applied centrally from FortiManager.

    • Monitor network Performance SLA across multiple FortiGate devices centrally from FortiManager.

    • Monitor the performance of your SD-WAN with multiple views.

    Note

    If you are implementing overlays (IPsec tunnels) in your SD-WAN solution, you may consider SD-WAN Overlay Templates to automate and simplify the process using Fortinet's recommended IPsec and BGP templates. See SD-WAN overlay orchestration.
    To use SD-WAN templates:

    1. Create an SD-WAN template. See SD-WAN templates.

    2. Assign the SD-WAN templates to FortiGate devices and device groups. See Assign SD-WAN templates to devices and device groups.

    3. Install device settings using the Install Wizard. See Install device settings only.

      Templates should be executed in the following order:

      1. Interface template

      2. IPsec template

      3. SD-WAN template

    4. Go to SD-WAN > Monitor to monitor the FortiGate devices. See SD-WAN Monitor .

    The SD-WAN template takes effect on the FortiGate device only after it is installed using the Install Wizard. After installing the SD-WAN template on the FortiGate device, changing settings in SD-WAN, Performance SLA, or SD-WAN Rules locally on the FortiGate device will result in the SD-WAN template on the FortiManager being out of sync with the FortiGate device. You must configure the same settings on the FortiManager SD-WAN template, and install it again by using the Install Wizard to be in sync with the settings on the FortiGate.

    Tooltip

    Some FortiGate model devices include a default policy to allow initial management access to the device using a specified interface.

    As SD-WAN members may not use interfaces that are referenced directly in firewall policies, you must remove this reference by deleting the policy before installing the SD-WAN template.

    This can be done manually through the CLI or GUI, or by installing a new policy package to the device that does not contain the default policy.
    Previous
    Next

    SD-WAN rules

    SD-WAN rules

    You can use SD-WAN templates to configure SD-WAN rules for one or more devices. When you assign SD-WAN templates to a device, you are using SD-WAN central management.

    If you want to use SD-WAN per-device management, do not assign SD-WAN templates to devices, and see Device DB - Network SD-WAN.

    SD-WAN templates help you do the following:

    • Deploy a single SD-WAN template from FortiManager across multiple FortiGate devices.

    • Perform a zero-touch deployment without manual configuration locally at the FortiGate devices.

    • Roll out a uniform SD-WAN configuration across your network.

    • Eliminate errors in SD-WAN configuration across multiple FortiGate devices since the SD-WAN template is applied centrally from FortiManager.

    • Monitor network Performance SLA across multiple FortiGate devices centrally from FortiManager.

    • Monitor the performance of your SD-WAN with multiple views.

    Note

    If you are implementing overlays (IPsec tunnels) in your SD-WAN solution, you may consider SD-WAN Overlay Templates to automate and simplify the process using Fortinet's recommended IPsec and BGP templates. See SD-WAN overlay orchestration.
    To use SD-WAN templates:

    1. Create an SD-WAN template. See SD-WAN templates.

    2. Assign the SD-WAN templates to FortiGate devices and device groups. See Assign SD-WAN templates to devices and device groups.

    3. Install device settings using the Install Wizard. See Install device settings only.

      Templates should be executed in the following order:

      1. Interface template

      2. IPsec template

      3. SD-WAN template

    4. Go to SD-WAN > Monitor to monitor the FortiGate devices. See SD-WAN Monitor .

    The SD-WAN template takes effect on the FortiGate device only after it is installed using the Install Wizard. After installing the SD-WAN template on the FortiGate device, changing settings in SD-WAN, Performance SLA, or SD-WAN Rules locally on the FortiGate device will result in the SD-WAN template on the FortiManager being out of sync with the FortiGate device. You must configure the same settings on the FortiManager SD-WAN template, and install it again by using the Install Wizard to be in sync with the settings on the FortiGate.

    Tooltip

    Some FortiGate model devices include a default policy to allow initial management access to the device using a specified interface.

    As SD-WAN members may not use interfaces that are referenced directly in firewall policies, you must remove this reference by deleting the policy before installing the SD-WAN template.

    This can be done manually through the CLI or GUI, or by installing a new policy package to the device that does not contain the default policy.
    Previous
    Next