
SD-WAN / SD-Branch Architecture for MSSPs

7.2.0

SD-Branch provisioning

The recommended deployment workflow is easily extended to cover the SD-Branch solution:

As can be seen, the same stages (described in the Deployment workflow section) remain. The following changes are added:

  • During the Modeling and Templating stage, additional Provisioning Templates are created for the SD-Branch components (FortiSwitch, FortiAP, and FortiExtender). Recall that each SD-WAN node (FortiGate) acts as a local Controller for its SD-Branch components. Therefore, from the FortiManager perspective, the configuration of the SD-Branch components is applied on the SD-WAN node itself.

  • During Staging, additional Model Devices are created for the SD-Branch components (Model FSW, Model FAP, and Model FEX). Effectively, the entire SD-Branch is modeled inside FortiManager.

  • Finally, during Onboarding, a real FortiGate device connects to FortiManager, gets its entire configuration (including the added Provisioning Templates), and configures all its local SD-Branch components.

    Note

    No direct communication between FortiManager and the SD-Branch components is needed.

All the previously described onboarding options remain valid, ranging from complete Zero-Touch Provisioning (ZTP) of the entire SD-Branch to human-assisted Low-Touch Provisioning. At the end of this process, the entire SD-Branch is fully operational.
