Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • SD-WAN Deployment for MSSPs

    Home FortiGate / FortiOS 7.2.0 SD-WAN Deployment for MSSPs
    7.2.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Defining the Project Template

    Defining the Project Template

    Typically, the following steps must be completed in order to define your Project Template:

    1. Define the following two aggregate subnets for your project:

      Parameter Description
      lan_summary

      A subnet summarizing all the corporate (internal) prefixes in the project

      lo_summary

      A subnet summarizing all the SD-WAN device loopbacks in the project

      Note

      In the BGP per overlay design method, lo_summary is replaced by tunnel_summary, summarizing all the tunnel subnets in the project.

    2. Define the regions of the project. For each region, define the following parameters:

      Parameter Description
      as

      Autonomous System number for the region

      lan_summary

      A subnet summarizing all the corporate (internal) prefixes in the region

      lo_summary

      A subnet summarizing all the SD-WAN device loopbacks in the region

      hubs

      List of the Hubs serving the region

      Note

      In the BGP per overlay design method, lo_summary is not required.

    3. Define the device profiles for the project. Each profile must list the interfaces and describe their roles and settings. Define the following parameters for each interface:

      Parameter Description
      name

      Interface name, as it appears on the FortiGate device

      role

      		Interface role (such as LAN-facing or WAN-facing)
      ol_type

      Overlay to be established over this interface

      ip

      IP address (including mask) or dhcp keyword for DHCP client

    4. Define the Hubs serving the project. All the Hubs referenced in the regions definition must be described here. For each Hub, define the following parameters:

      Parameter Description
      lo_bgp

      Hub loopback IP, used for BGP termination

      overlays

      Dictionary describing the overlays served by this Hub

      All the overlays referenced in the device profiles using ol_type parameter must be described here. For each overlay, define the following parameters:

      Parameter Description
      wan_ip

      Hub underlay IP used to build this overlay

      network_id

      Network ID used to connect to this overlay

      This overlay information will be used by the Edge devices to establish IPsec tunnels to the Hubs.

      Note

      In the BGP per overlay design method, tunnel_net parameter is required in addition to defining the tunnel subnet for each overlay. See External resources.

      It is a good idea to start from one of the Project Template examples provided in our GitHub repository.

    Previous
    Next

    Defining the Project Template

    Defining the Project Template

    Typically, the following steps must be completed in order to define your Project Template:

    1. Define the following two aggregate subnets for your project:

      Parameter Description
      lan_summary

      A subnet summarizing all the corporate (internal) prefixes in the project

      lo_summary

      A subnet summarizing all the SD-WAN device loopbacks in the project

      Note

      In the BGP per overlay design method, lo_summary is replaced by tunnel_summary, summarizing all the tunnel subnets in the project.

    2. Define the regions of the project. For each region, define the following parameters:

      Parameter Description
      as

      Autonomous System number for the region

      lan_summary

      A subnet summarizing all the corporate (internal) prefixes in the region

      lo_summary

      A subnet summarizing all the SD-WAN device loopbacks in the region

      hubs

      List of the Hubs serving the region

      Note

      In the BGP per overlay design method, lo_summary is not required.

    3. Define the device profiles for the project. Each profile must list the interfaces and describe their roles and settings. Define the following parameters for each interface:

      Parameter Description
      name

      Interface name, as it appears on the FortiGate device

      role

      		Interface role (such as LAN-facing or WAN-facing)
      ol_type

      Overlay to be established over this interface

      ip

      IP address (including mask) or dhcp keyword for DHCP client

    4. Define the Hubs serving the project. All the Hubs referenced in the regions definition must be described here. For each Hub, define the following parameters:

      Parameter Description
      lo_bgp

      Hub loopback IP, used for BGP termination

      overlays

      Dictionary describing the overlays served by this Hub

      All the overlays referenced in the device profiles using ol_type parameter must be described here. For each overlay, define the following parameters:

      Parameter Description
      wan_ip

      Hub underlay IP used to build this overlay

      network_id

      Network ID used to connect to this overlay

      This overlay information will be used by the Edge devices to establish IPsec tunnels to the Hubs.

      Note

      In the BGP per overlay design method, tunnel_net parameter is required in addition to defining the tunnel subnet for each overlay. See External resources.

      It is a good idea to start from one of the Project Template examples provided in our GitHub repository.

    Previous
    Next