Fortinet black logo

Configuring SD-WAN interfaces

6.2.0
Copy Link
Copy Doc ID 1e9179fe-c082-11ea-8b7d-00505692583a:147525
Download PDF

Configuring SD-WAN interfaces

To use the secure SD-WAN capability, we need to configure the primary and secondary Zscaler ZENs as SD-WAN interface members.

In this example, the SF ZEN is closer, so we will choose the Lowest Cost (SLA) SD-WAN algorithm to prefer the SF ZEN over the DC ZEN, and configure the Zscaler-SF interface with a lower cost.

To configure the primary ZEN as an SD-WAN interface member:
  1. Go to Network > SD-WAN, and click Create New from the SD-WAN Interface Members section. The New SD-WAN Member modal slides on screen.
  2. Configure the Interface to be Zscaler-SF from the drop-down list.
  3. Configure the Cost to be 5. A lower Cost value indicates that this member is the primary interface member, and is preferred more than a member with a higher Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  4. Click OK.
To configure the secondary ZEN as an SD-WAN interface member:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-DC from the drop-down list.
  3. Configure the Cost to be 10. A higher Cost value indicates that this member is the secondary interface member, and is preferred less than a member with a lower Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  4. Click OK.

Similarly, repeat the above procedure to configure the Internet_A and Internet_B interfaces with Costs of 5 and 10 respectively.

After all the SD-WAN interface members are configured as required, verify the configurations on the Network > SD-WAN screen.

SD-WAN interface members

After configuring SD-WAN interface members, we need to configure a static route that points to the SD-WAN interface.

To configure the static route:
  1. Go to Network > Static Routes, and click Create New > IPv4 Static Route. The New Static Route screen displays.
  2. Select Subnet for the Destination setting and enter 0.0.0.0/0.0.0.0 in the associated text input field.
  3. Select SD-WAN as the Interface from the drop-down list.
  4. Click OK.

Configuring a static route for the SD-WAN interface

Configuring SD-WAN interfaces

To use the secure SD-WAN capability, we need to configure the primary and secondary Zscaler ZENs as SD-WAN interface members.

In this example, the SF ZEN is closer, so we will choose the Lowest Cost (SLA) SD-WAN algorithm to prefer the SF ZEN over the DC ZEN, and configure the Zscaler-SF interface with a lower cost.

To configure the primary ZEN as an SD-WAN interface member:
  1. Go to Network > SD-WAN, and click Create New from the SD-WAN Interface Members section. The New SD-WAN Member modal slides on screen.
  2. Configure the Interface to be Zscaler-SF from the drop-down list.
  3. Configure the Cost to be 5. A lower Cost value indicates that this member is the primary interface member, and is preferred more than a member with a higher Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  4. Click OK.
To configure the secondary ZEN as an SD-WAN interface member:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-DC from the drop-down list.
  3. Configure the Cost to be 10. A higher Cost value indicates that this member is the secondary interface member, and is preferred less than a member with a lower Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  4. Click OK.

Similarly, repeat the above procedure to configure the Internet_A and Internet_B interfaces with Costs of 5 and 10 respectively.

After all the SD-WAN interface members are configured as required, verify the configurations on the Network > SD-WAN screen.

SD-WAN interface members

After configuring SD-WAN interface members, we need to configure a static route that points to the SD-WAN interface.

To configure the static route:
  1. Go to Network > Static Routes, and click Create New > IPv4 Static Route. The New Static Route screen displays.
  2. Select Subnet for the Destination setting and enter 0.0.0.0/0.0.0.0 in the associated text input field.
  3. Select SD-WAN as the Interface from the drop-down list.
  4. Click OK.

Configuring a static route for the SD-WAN interface