Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • SD-WAN Deployment for MSSPs

    Home FortiGate / FortiOS 7.4.0 SD-WAN Deployment for MSSPs
    7.4.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0

    Example project template

    Example project template

    Here we are going to complete the steps described in Defining the Project Template for our example project.

    1. Define the loopback summary:
          {% set lo_summary = '10.200.0.0/14' %}
    2. Enable Dynamic BGP:
          {% set dynamic_bgp = true %}
    3. Define the two regions:
          {% set regions = {
        'West': {
          'as': '65001',
          'lan_summary': '10.0.0.0/14',
          'lo_summary': '10.200.1.0/24',
          'hubs': [ 'site1-H1', 'site1-H2' ]
        },
        'East': {
          'as': '65002',
          'lan_summary': '10.4.0.0/14',
          'lo_summary': '10.200.2.0/24',
          'hubs': [ 'site2-H1' ]
        }
      }
    %}
    4. Define the two device profiles:
          {% set profiles = {

        'Silver': {
          'interfaces': [
            {
              'name': 'port1',
              'role': 'wan',
              'ol_type': 'ISP1',
              'ip': 'dhcp'
            },
            {
              'name': 'port4',
              'role': 'wan',
              'ol_type': 'MPLS',
              'ip': mpls_wan_ip
            },
            {
              'name': 'port5',
              'role': 'lan',
              'ip': lan_ip
            }
          ]
        },

        'Gold': {
          'interfaces': [
            {
              'name': 'port1',
              'role': 'wan',
              'ol_type': 'ISP1',
              'ip': 'dhcp'
            },
            {
              'name': 'port2',
              'role': 'wan',
              'ol_type': 'ISP2',
              'ip': 'dhcp'
            },
            {
              'name': 'port4',
              'role': 'wan',
              'ol_type': 'MPLS',
              'ip': mpls_wan_ip
            },
            {
              'name': 'port5',
              'role': 'lan',
              'ip': lan_ip
            }
          ]
        }

      }
    %}

      Notes:

      • In our example project, all the Internet links receive their connectivity information from the DHCP servers. Hence, we use the keyword dhcp.
      • The links connecting to the MPLS network, on the other hand, do not use DHCP. Instead, their underlay IP addresses will be defined on a per-device basis, using FortiManager meta field mpls_wan_ip.
    5. Define the Hubs:
          {% set hubs = {

        'site1-H1': {
          'lo_bgp': '10.200.1.253',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.1.1',
              'network_id': '11'
            },
            'ISP2': {
              'wan_ip': '100.64.1.9',
              'network_id': '12'
            },
            'MPLS': {
              'wan_ip': '172.16.1.5',
              'network_id': '13'
            }
          }
        },

        'site1-H2': {
          'lo_bgp': '10.200.1.254',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.2.1',
              'network_id': '21'
            },
            'ISP2': {
              'wan_ip': '100.64.2.9',
              'network_id': '22'
            },
            'MPLS': {
              'wan_ip': '172.16.2.5',
              'network_id': '23'
            }
          }
        },

        'site2-H1': {
          'lo_bgp': '10.200.2.253',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.4.1',
              'network_id': '41'
            },
            'MPLS': {
              'wan_ip': '172.16.4.5',
              'network_id': '43'
            }
          }
        }

      }
    %}

      Notes:

      • The Hub names correspond to those referred in the regions dictionary (using hubs lists).
      • The overlay names correspond to those referred in the device profiles dictionary (using ol_type parameter).
    Note

    The complete Project template for this example can be found under dynamic-bgp-on-lo/projects/Project.dualreg.cert.j2.
    Note

    Whenever you edit your Jinja templates, it is a good idea to validate the syntax. Many online services provide syntax validation, such as j2live (https://j2live.ttl255.com/).

    Simply copy and paste the entire template to the online service, and click Render. The Project template file will not produce any output, so if you see an empty result, this means you do not have any syntax errors. If you have a syntax error (such as a missing closing bracket), the rendering will fail.
    Previous
    Next

    Example project template

    Example project template

    Here we are going to complete the steps described in Defining the Project Template for our example project.

    1. Define the loopback summary:
          {% set lo_summary = '10.200.0.0/14' %}
    2. Enable Dynamic BGP:
          {% set dynamic_bgp = true %}
    3. Define the two regions:
          {% set regions = {
        'West': {
          'as': '65001',
          'lan_summary': '10.0.0.0/14',
          'lo_summary': '10.200.1.0/24',
          'hubs': [ 'site1-H1', 'site1-H2' ]
        },
        'East': {
          'as': '65002',
          'lan_summary': '10.4.0.0/14',
          'lo_summary': '10.200.2.0/24',
          'hubs': [ 'site2-H1' ]
        }
      }
    %}
    4. Define the two device profiles:
          {% set profiles = {

        'Silver': {
          'interfaces': [
            {
              'name': 'port1',
              'role': 'wan',
              'ol_type': 'ISP1',
              'ip': 'dhcp'
            },
            {
              'name': 'port4',
              'role': 'wan',
              'ol_type': 'MPLS',
              'ip': mpls_wan_ip
            },
            {
              'name': 'port5',
              'role': 'lan',
              'ip': lan_ip
            }
          ]
        },

        'Gold': {
          'interfaces': [
            {
              'name': 'port1',
              'role': 'wan',
              'ol_type': 'ISP1',
              'ip': 'dhcp'
            },
            {
              'name': 'port2',
              'role': 'wan',
              'ol_type': 'ISP2',
              'ip': 'dhcp'
            },
            {
              'name': 'port4',
              'role': 'wan',
              'ol_type': 'MPLS',
              'ip': mpls_wan_ip
            },
            {
              'name': 'port5',
              'role': 'lan',
              'ip': lan_ip
            }
          ]
        }

      }
    %}

      Notes:

      • In our example project, all the Internet links receive their connectivity information from the DHCP servers. Hence, we use the keyword dhcp.
      • The links connecting to the MPLS network, on the other hand, do not use DHCP. Instead, their underlay IP addresses will be defined on a per-device basis, using FortiManager meta field mpls_wan_ip.
    5. Define the Hubs:
          {% set hubs = {

        'site1-H1': {
          'lo_bgp': '10.200.1.253',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.1.1',
              'network_id': '11'
            },
            'ISP2': {
              'wan_ip': '100.64.1.9',
              'network_id': '12'
            },
            'MPLS': {
              'wan_ip': '172.16.1.5',
              'network_id': '13'
            }
          }
        },

        'site1-H2': {
          'lo_bgp': '10.200.1.254',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.2.1',
              'network_id': '21'
            },
            'ISP2': {
              'wan_ip': '100.64.2.9',
              'network_id': '22'
            },
            'MPLS': {
              'wan_ip': '172.16.2.5',
              'network_id': '23'
            }
          }
        },

        'site2-H1': {
          'lo_bgp': '10.200.2.253',
          'overlays': {
            'ISP1': {
              'wan_ip': '100.64.4.1',
              'network_id': '41'
            },
            'MPLS': {
              'wan_ip': '172.16.4.5',
              'network_id': '43'
            }
          }
        }

      }
    %}

      Notes:

      • The Hub names correspond to those referred in the regions dictionary (using hubs lists).
      • The overlay names correspond to those referred in the device profiles dictionary (using ol_type parameter).
    Note

    The complete Project template for this example can be found under dynamic-bgp-on-lo/projects/Project.dualreg.cert.j2.
    Note

    Whenever you edit your Jinja templates, it is a good idea to validate the syntax. Many online services provide syntax validation, such as j2live (https://j2live.ttl255.com/).

    Simply copy and paste the entire template to the online service, and click Render. The Project template file will not produce any output, so if you see an empty result, this means you do not have any syntax errors. If you have a syntax error (such as a missing closing bracket), the rendering will fail.
    Previous
    Next