SD-Branch provisioning
The recommended deployment workflow is easily extended to cover the SD-Branch solution:
As can be seen, the same stages (described in the Deployment workflow section) remain. The following changes are added:
-
During the Modeling and Templating stage, additional Provisioning Templates are created for the SD-Branch components (FortiSwitch, FortiAP, and FortiExtender). Recall that each SD-WAN node (FortiGate) acts as a local Controller for its SD-Branch components. Therefore, from the FortiManager perspective, the configuration of the SD-Branch components is applied on the SD-WAN node itself.
-
During Staging, additional Model Devices are created for the SD-Branch components (Model FSW, Model FAP, and Model FEX). Effectively, the entire SD-Branch is modeled inside FortiManager.
-
Finally, during Onboarding, a real FortiGate device connects to FortiManager, gets its entire configuration (including the added Provisioning Templates), and configures all its local SD-Branch components.
No direct communication between FortiManager and the SD-Branch components is needed.
All the previously described onboarding options remain valid and range from a complete Zero-Touch Provisioning (ZTP) (of the entire SD-Branch) to a human-assisted Low-Touch Provisioning. At the end of this process, the entire SD-Branch is fully operational.