Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 7.6.6 Administration Guide
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    SD-WAN Setup wizard

    SD-WAN Setup wizard

    The SD-WAN Setup wizard helps you configure the following settings for a simple SD-WAN setup:

    • Interface

      The wizard supports a maximum of two interfaces.

    • Networking

    • Performance SLA

    • SD-WAN Rule

    After completing the wizard, configure a default static route for the newly created SD-WAN interface.

    FortiGate requires a valid SD-WAN Underlay and Application Monitoring license before the SD-WAN Setup wizard is visible.

    See also FortiGuard SLA database for SD-WAN performance SLA .

    Example

    This example describes how to use the SD-WAN Setup wizard to create an SD-WAN configuration with one SD-WAN zone (named Test) and two SD-WAN members (agg1 and vlan100). The wizard also guides you to complete the networking, performance SLA, and SD-WAN rule. After the wizard completes, configure a default static route for the SD-WAN interface.

    To use the SD-WAN Setup wizard to configure SD-WAN:

    1. Go to the Network > SD-WAN > SD-WAN Zones page to access the wizard:

      • When no SD-WAN configuration exists, the following message is displayed. Click Begin SD-WAN setup wizard to access the wizard.

      • When an SD-WAN configuration exists, click Create New > SD-WAN Wizard to access the wizard.

      The SD-WAN Setup wizard opens on the Interface step.

    2. For the Interface step, identify a zone, and select one or two interfaces for the underlay:

      The selected interfaces become members of the SD-WAN zone. This example creates a zone named Test and uses two interfaces (agg1 and vlan100).

      1. Set SD-WAN Zone to:

        • Use Existing and select an existing SD-WAN zone.

          Or:

        • Create New and type a name for the new SD-WAN zone. In this example, a new zone named Test is created.

      2. Click Add a new WAN underlay, select an interface, and click Apply.

      3. Click Add a new WAN underlay again, select an interface, and click Apply.

        You have added two interfaces to the SD-WAN zone.

      4. Click Next to proceed to the Networking step.

    3. For the Networking step, set the gateway and priority for each interface, and click Next:

      Gateway

      Select one of the following methods to assign a gateway IP address to the interface:

      • Dynamic: Select to leave the gateway undefined and proceed to the next screen. Can be used with interfaces set to use DHCP as a client.

      • Specify: Select to specify an IPv4 or IPv6 address for the gateway.

      Cost

      Used by the lowest-cost SLA strategy. The link with the lowest cost is chosen to pass traffic. The lowest possible cost is 0

      Fallback priority

      Select one of the following methods to define the priority of SD-WAN members:

      • Default: Select to use the default, which is the same priority for all SD-WAN members.

      • Specify: Select to specify a priority for the SD-WAN member in the Priority box.

      The priority is used in the static route created for the SD-WAN member interface and in SD-WAN rules (including the implicit rule). When priority is used to determine the best route, the lower value takes precedence.

      Priority

      Available when Fallback priority is set to Specify.

      Specify a priority for the SD-WAN member (1 - 65535, default = 1).

      The wizard moves to the Performance SLA step.

    4. For the Performance SLA step, configure health-check for SD-WAN members, and click Next:

      Only the fields that you must set before you can proceed are described.

      Performance SLA

      Select one of the following to choose how to define performance SLA:

      • FortiGuard: Select to use the FortiGuard SLA database. Select a predefined server from the Server list, and specify the protocol to use.

      • Manual: Select to manually define a server for the SLA.

      The wizard moves to the Rule step.

    5. For the Rule step, create a service rule, and click Next:

      Skip creation of SD-WAN rule and use implicit rule

      Enable to use the implicit rule instead of creating an SD-WAN rule.

      Interface selection strategy

      Available when Skip creation of SD-WAN rule and use implicit rule is disabled.

      Specify how SD-WAN should select an interface:

      • Best quality: Select to use the interface with the best measured performance.

      • Lowest cost (SLA): Select to use the interface that meets the defined performance SLA targets. When a tie occurs, the interface with the lowest assigned cost is selected.

      • Maximize bandwidth: Traffic is load balanced among interfaces that meet SLA targets.

      The wizard moves to the Review step.

    6. For the Review step, review the entries, and click Apply to create them:

      Zone

      Displays the name of the SD-WAN zone that will be created.

      Members

      Displays the name of the interface members that will be added to the SD-WAN zone.

      Performance SLA

      Displays the name of the performance SLA configuration that will be used for the SD-WAN configuration.

      Rule

      Displays the name of the SD-WAN rule that will be used for the SD-WAN configuration

      The entries are created, and the wizard completes.

    7. Create a static route for the SD-WAN interface (that is the SD-WAN zone):

      1. Go to Network > Static Routes, and click Create new.

      2. Complete the options, and click OK.

    8. Review the SD-WAN configuration:

      1. Go to Network > SD-WAN > SD-WAN Zones, and view the zone and members that you created.

      2. On the SD-WAN Rule tab, view the rule that you created.

      3. On the Performance SLAs tab, view the SLA configuration that you created.

    Previous
    Next

    SD-WAN Setup wizard

    SD-WAN Setup wizard

    The SD-WAN Setup wizard helps you configure the following settings for a simple SD-WAN setup:

    • Interface

      The wizard supports a maximum of two interfaces.

    • Networking

    • Performance SLA

    • SD-WAN Rule

    After completing the wizard, configure a default static route for the newly created SD-WAN interface.

    FortiGate requires a valid SD-WAN Underlay and Application Monitoring license before the SD-WAN Setup wizard is visible.

    See also FortiGuard SLA database for SD-WAN performance SLA .

    Example

    This example describes how to use the SD-WAN Setup wizard to create an SD-WAN configuration with one SD-WAN zone (named Test) and two SD-WAN members (agg1 and vlan100). The wizard also guides you to complete the networking, performance SLA, and SD-WAN rule. After the wizard completes, configure a default static route for the SD-WAN interface.

    To use the SD-WAN Setup wizard to configure SD-WAN:

    1. Go to the Network > SD-WAN > SD-WAN Zones page to access the wizard:

      • When no SD-WAN configuration exists, the following message is displayed. Click Begin SD-WAN setup wizard to access the wizard.

      • When an SD-WAN configuration exists, click Create New > SD-WAN Wizard to access the wizard.

      The SD-WAN Setup wizard opens on the Interface step.

    2. For the Interface step, identify a zone, and select one or two interfaces for the underlay:

      The selected interfaces become members of the SD-WAN zone. This example creates a zone named Test and uses two interfaces (agg1 and vlan100).

      1. Set SD-WAN Zone to:

        • Use Existing and select an existing SD-WAN zone.

          Or:

        • Create New and type a name for the new SD-WAN zone. In this example, a new zone named Test is created.

      2. Click Add a new WAN underlay, select an interface, and click Apply.

      3. Click Add a new WAN underlay again, select an interface, and click Apply.

        You have added two interfaces to the SD-WAN zone.

      4. Click Next to proceed to the Networking step.

    3. For the Networking step, set the gateway and priority for each interface, and click Next:

      Gateway

      Select one of the following methods to assign a gateway IP address to the interface:

      • Dynamic: Select to leave the gateway undefined and proceed to the next screen. Can be used with interfaces set to use DHCP as a client.

      • Specify: Select to specify an IPv4 or IPv6 address for the gateway.

      Cost

      Used by the lowest-cost SLA strategy. The link with the lowest cost is chosen to pass traffic. The lowest possible cost is 0

      Fallback priority

      Select one of the following methods to define the priority of SD-WAN members:

      • Default: Select to use the default, which is the same priority for all SD-WAN members.

      • Specify: Select to specify a priority for the SD-WAN member in the Priority box.

      The priority is used in the static route created for the SD-WAN member interface and in SD-WAN rules (including the implicit rule). When priority is used to determine the best route, the lower value takes precedence.

      Priority

      Available when Fallback priority is set to Specify.

      Specify a priority for the SD-WAN member (1 - 65535, default = 1).

      The wizard moves to the Performance SLA step.

    4. For the Performance SLA step, configure health-check for SD-WAN members, and click Next:

      Only the fields that you must set before you can proceed are described.

      Performance SLA

      Select one of the following to choose how to define performance SLA:

      • FortiGuard: Select to use the FortiGuard SLA database. Select a predefined server from the Server list, and specify the protocol to use.

      • Manual: Select to manually define a server for the SLA.

      The wizard moves to the Rule step.

    5. For the Rule step, create a service rule, and click Next:

      Skip creation of SD-WAN rule and use implicit rule

      Enable to use the implicit rule instead of creating an SD-WAN rule.

      Interface selection strategy

      Available when Skip creation of SD-WAN rule and use implicit rule is disabled.

      Specify how SD-WAN should select an interface:

      • Best quality: Select to use the interface with the best measured performance.

      • Lowest cost (SLA): Select to use the interface that meets the defined performance SLA targets. When a tie occurs, the interface with the lowest assigned cost is selected.

      • Maximize bandwidth: Traffic is load balanced among interfaces that meet SLA targets.

      The wizard moves to the Review step.

    6. For the Review step, review the entries, and click Apply to create them:

      Zone

      Displays the name of the SD-WAN zone that will be created.

      Members

      Displays the name of the interface members that will be added to the SD-WAN zone.

      Performance SLA

      Displays the name of the performance SLA configuration that will be used for the SD-WAN configuration.

      Rule

      Displays the name of the SD-WAN rule that will be used for the SD-WAN configuration

      The entries are created, and the wizard completes.

    7. Create a static route for the SD-WAN interface (that is the SD-WAN zone):

      1. Go to Network > Static Routes, and click Create new.

      2. Complete the options, and click OK.

    8. Review the SD-WAN configuration:

      1. Go to Network > SD-WAN > SD-WAN Zones, and view the zone and members that you created.

      2. On the SD-WAN Rule tab, view the rule that you created.

      3. On the Performance SLAs tab, view the SLA configuration that you created.

    Previous
    Next