Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    New Features

    7.6.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Create default configuration of SD-WAN on FortiGate models with two WAN ports 7.6.5

    Create default configuration of SD-WAN on FortiGate models with two WAN ports 7.6.5

    Note

    This information is also available in the FortiOS 7.6 Administration Guide:

    FortiGate models with two WAN ports will have the following added to their default configuration:

    • Both WAN ports are set to DHCP mode.

    • An SD-WAN (sd-wan) zone is created, and both WAN ports are added as members.

    • Default firewall policy utilizes the SD-WAN zone.

    • An SLA is created, utilizing IP addresses 1.1.1.1 and 9.9.9.9 for internet connectivity evaluation.

    Affected FortiGate models (where x can be 0 or 1): 6xE, 6xF, 7xF, 7xG, 8xE, 8xF, 9xE, 9xG, 10xE, 100EF, 10xF, 12xG, 140E, 20xE, 20xF.

    To view the default configuration:

    1. On a supported device, view the SD-WAN configuration:

      • An SD-WAN (sd-wan) zone is created.

      • The zone members include wan1 and wan2.

      • An SLA (Default_Ping) is created.

      show system sdwan
config system sdwan
    set status enable
    config zone
        edit "sd-wan"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "sd-wan"
        next
        edit 2
            set interface "wan2"
            set zone "sd-wan"
        next
    end
    config health-check
        edit "Default_Ping"
            set server "1.1.1.1" "9.9.9.9"
            set members 0
        next
    end
end

    2. View the interface settings for wan1 and wan2 to see the mode is set to DHCP:

      • View settings for wan1:

        show system interface  wan1
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 3
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
        end
    next
end

      • View settings for wan2:

        show system interface  wan2
config system interface
    edit "wan2"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set type physical
        set role wan
        set snmp-index 4
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
        end
    next
end

    3. View the default firewall policy that utilizes the SD-WAN zone.

      show firewall policy
config firewall policy
    edit 1
        set uuid 119c2598-b5ab-51f0-2303-861480a28741
        set srcintf "lan"
        set dstintf "sd-wan"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
    Previous
    Next

    Create default configuration of SD-WAN on FortiGate models with two WAN ports 7.6.5

    Create default configuration of SD-WAN on FortiGate models with two WAN ports 7.6.5

    Note

    This information is also available in the FortiOS 7.6 Administration Guide:

    FortiGate models with two WAN ports will have the following added to their default configuration:

    • Both WAN ports are set to DHCP mode.

    • An SD-WAN (sd-wan) zone is created, and both WAN ports are added as members.

    • Default firewall policy utilizes the SD-WAN zone.

    • An SLA is created, utilizing IP addresses 1.1.1.1 and 9.9.9.9 for internet connectivity evaluation.

    Affected FortiGate models (where x can be 0 or 1): 6xE, 6xF, 7xF, 7xG, 8xE, 8xF, 9xE, 9xG, 10xE, 100EF, 10xF, 12xG, 140E, 20xE, 20xF.

    To view the default configuration:

    1. On a supported device, view the SD-WAN configuration:

      • An SD-WAN (sd-wan) zone is created.

      • The zone members include wan1 and wan2.

      • An SLA (Default_Ping) is created.

      show system sdwan
config system sdwan
    set status enable
    config zone
        edit "sd-wan"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "sd-wan"
        next
        edit 2
            set interface "wan2"
            set zone "sd-wan"
        next
    end
    config health-check
        edit "Default_Ping"
            set server "1.1.1.1" "9.9.9.9"
            set members 0
        next
    end
end

    2. View the interface settings for wan1 and wan2 to see the mode is set to DHCP:

      • View settings for wan1:

        show system interface  wan1
config system interface
    edit "wan1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping fgfm
        set type physical
        set role wan
        set snmp-index 3
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
        end
    next
end

      • View settings for wan2:

        show system interface  wan2
config system interface
    edit "wan2"
        set vdom "root"
        set mode dhcp
        set allowaccess ping
        set type physical
        set role wan
        set snmp-index 4
        config ipv6
            set ip6-mode dhcp
            set ip6-allowaccess ping
        end
    next
end

    3. View the default firewall policy that utilizes the SD-WAN zone.

      show firewall policy
config firewall policy
    edit 1
        set uuid 119c2598-b5ab-51f0-2303-861480a28741
        set srcintf "lan"
        set dstintf "sd-wan"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
    Previous
    Next