Fortinet black logo

Configuring SD-WAN zones

6.4.1
Copy Link
Copy Doc ID af159f67-b80a-11ea-8b7d-00505692583a:147525
Download PDF

Configuring SD-WAN zones

To configure SD-WAN zones, you need to configure the primary and secondary Zscaler ZENs as SD-WAN interface members in an SD-WAN zone.

In this example, the SF ZEN is closer, so we will choose the Lowest Cost (SLA) SD-WAN algorithm to prefer the SF ZEN over the DC ZEN, and configure the Zscaler-SF interface with a lower cost.

We will configure two SD-WAN zones named Overlay and Underlay, and then configure SD-WAN interface members for those zones.

To configure the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Zone. The New SD-WAN Zone screen displays.
  2. Configure the Name field and leave the Interface members field blank.
    Configuring an SD-WAN zone
  3. Click OK.

Similarly, repeat the above procedure to create another SD-WAN zone Underlay:
Configuring an SD-WAN zone

After you create the SD-WAN zones, you need to configure the primary and secondary ZENs as SD-WAN interface members in the Overlay SD-WAN zone, and the Internet_A and Internet_B interfaces in the Underlay SD-WAN zone.

To configure the primary ZEN as an SD-WAN interface member in the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-SF from the drop-down list.
  3. Configure the SD-WAN Zone to be Overlay from the drop-down list.
  4. Configure the Cost to be 5. A lower Cost value indicates that this member is the primary interface member, and is preferred more than a member with a higher Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  5. Click OK.
To configure the secondary ZEN as an SD-WAN interface member in the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-DC from the drop-down list.
  3. Configure the SD-WAN Zone to be Overlay from the drop-down list.
  4. Configure the Cost to be 10. A higher Cost value indicates that this member is the secondary interface member, and is preferred less than a member with a lower Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  5. Click OK.

Similarly, repeat the above procedure to configure the Internet_A and Internet_B interfaces in the Underlay SD-WAN zone.

After both the Overlay and Underlay SD-WAN zones are configured, with SD-WAN interface members configured as required in each of the SD-WAN zones, verify the configurations on the Network > SD-WAN Zones screen.

SD-WAN interface members

After configuring SD-WAN zones, we need to configure a static route that points to the SD-WAN interface.

To configure the static route:
  1. Go to Network > Static Routes, and click Create New > IPv4 Static Route. The New Static Route screen displays.
  2. Select Subnet for the Destination setting and enter 0.0.0.0/0.0.0.0 in the associated text input field.
  3. Select SD-WAN as the Interface from the drop-down list.
  4. Click OK.

Configuring a static route for the SD-WAN interface

Configuring SD-WAN zones

To configure SD-WAN zones, you need to configure the primary and secondary Zscaler ZENs as SD-WAN interface members in an SD-WAN zone.

In this example, the SF ZEN is closer, so we will choose the Lowest Cost (SLA) SD-WAN algorithm to prefer the SF ZEN over the DC ZEN, and configure the Zscaler-SF interface with a lower cost.

We will configure two SD-WAN zones named Overlay and Underlay, and then configure SD-WAN interface members for those zones.

To configure the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Zone. The New SD-WAN Zone screen displays.
  2. Configure the Name field and leave the Interface members field blank.
    Configuring an SD-WAN zone
  3. Click OK.

Similarly, repeat the above procedure to create another SD-WAN zone Underlay:
Configuring an SD-WAN zone

After you create the SD-WAN zones, you need to configure the primary and secondary ZENs as SD-WAN interface members in the Overlay SD-WAN zone, and the Internet_A and Internet_B interfaces in the Underlay SD-WAN zone.

To configure the primary ZEN as an SD-WAN interface member in the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-SF from the drop-down list.
  3. Configure the SD-WAN Zone to be Overlay from the drop-down list.
  4. Configure the Cost to be 5. A lower Cost value indicates that this member is the primary interface member, and is preferred more than a member with a higher Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  5. Click OK.
To configure the secondary ZEN as an SD-WAN interface member in the Overlay SD-WAN zone:
  1. Go to Network > SD-WAN Zones, and click Create New > SD-WAN Member. The New SD-WAN Member screen displays.
  2. Configure the Interface to be Zscaler-DC from the drop-down list.
  3. Configure the SD-WAN Zone to be Overlay from the drop-down list.
  4. Configure the Cost to be 10. A higher Cost value indicates that this member is the secondary interface member, and is preferred less than a member with a lower Cost value when using the Lowest Cost (SLA) strategy.
    Configuring the Cost parameter of an SD-WAN interface member
  5. Click OK.

Similarly, repeat the above procedure to configure the Internet_A and Internet_B interfaces in the Underlay SD-WAN zone.

After both the Overlay and Underlay SD-WAN zones are configured, with SD-WAN interface members configured as required in each of the SD-WAN zones, verify the configurations on the Network > SD-WAN Zones screen.

SD-WAN interface members

After configuring SD-WAN zones, we need to configure a static route that points to the SD-WAN interface.

To configure the static route:
  1. Go to Network > Static Routes, and click Create New > IPv4 Static Route. The New Static Route screen displays.
  2. Select Subnet for the Destination setting and enter 0.0.0.0/0.0.0.0 in the associated text input field.
  3. Select SD-WAN as the Interface from the drop-down list.
  4. Click OK.

Configuring a static route for the SD-WAN interface