Fortinet white logo
Fortinet white logo

SD-WAN Deployment for MSSPs

FortiManager toolset

FortiManager toolset

The following table summarizes the FortiManager tools we will be using in the next chapters to template different parts of the SD-WAN node configuration:

SD-WAN node configuration

FortiManager tools

Underlay (interfaces, IP addresses) Jinja templates
Overlay (IPsec, ADVPN)
Routing (BGP)
SD-WAN SD-WAN templates
Firewall policies Policy packages

The first three rows in the table describe the design foundation. These parts of the SD-WAN node configuration remain largely untouched throughout the lifecycle of the project. Even between different projects, the variance remains minimal. For example, the overlay network configuration is strictly determined by our Best Practice guidelines. In other words, it is not (and should not be) part of the Operations.

As can be seen in the table above, the design foundation will be configured using a generic set of Jinja Templates provided by us. This set produces our Best Practice configuration, and it can be easily fine-tuned to your deployment, using a combination of per-project and per-site variables. In addition, it abstracts the implementation details away from the operator (as well as from any external Orchestrator). In this document we will demonstrate the use of this template set.

Note

The latest version of the template set can be found in our dedicated GitHub repository. See External resources.

As for the other parts of the configuration, such as SD-WAN and Firewall Policy, they will be configured using the standard GUI-based tools available in FortiManager: SD-WAN Templates and Policy Packages. These features are part of the daily network and security operations, and they directly represent Customer’s intent (traffic steering policies and security policies respectively). This is where the GUI-based templates fit best, thanks to the ease of use and the visibility they provide.

These tools can also be interacted with using the API, as we will demonstrate in this document.

FortiManager toolset

FortiManager toolset

The following table summarizes the FortiManager tools we will be using in the next chapters to template different parts of the SD-WAN node configuration:

SD-WAN node configuration

FortiManager tools

Underlay (interfaces, IP addresses) Jinja templates
Overlay (IPsec, ADVPN)
Routing (BGP)
SD-WAN SD-WAN templates
Firewall policies Policy packages

The first three rows in the table describe the design foundation. These parts of the SD-WAN node configuration remain largely untouched throughout the lifecycle of the project. Even between different projects, the variance remains minimal. For example, the overlay network configuration is strictly determined by our Best Practice guidelines. In other words, it is not (and should not be) part of the Operations.

As can be seen in the table above, the design foundation will be configured using a generic set of Jinja Templates provided by us. This set produces our Best Practice configuration, and it can be easily fine-tuned to your deployment, using a combination of per-project and per-site variables. In addition, it abstracts the implementation details away from the operator (as well as from any external Orchestrator). In this document we will demonstrate the use of this template set.

Note

The latest version of the template set can be found in our dedicated GitHub repository. See External resources.

As for the other parts of the configuration, such as SD-WAN and Firewall Policy, they will be configured using the standard GUI-based tools available in FortiManager: SD-WAN Templates and Policy Packages. These features are part of the daily network and security operations, and they directly represent Customer’s intent (traffic steering policies and security policies respectively). This is where the GUI-based templates fit best, thanks to the ease of use and the visibility they provide.

These tools can also be interacted with using the API, as we will demonstrate in this document.