Default SD-WAN configuration on FortiGate models with two WAN ports NEW
FortiGate models with two WAN ports have the following added to their default configuration:
-
Both WAN ports are set to DHCP mode.
-
An SD-WAN (sd-wan) zone is created, and both WAN ports are added as members.
-
Default firewall policy utilizes the SD-WAN zone.
-
An SLA is created, utilizing IP addresses 1.1.1.1 and 9.9.9.9 for internet connectivity evaluation.
To view the default configuration:
-
On a supported device, view the SD-WAN configuration:
-
An SD-WAN (
sd-wan) zone is created. -
The zone members include
wan1andwan2. -
An SLA (
Default_Ping) is created.
show system sdwan config system sdwan set status enable config zone edit "sd-wan" next end config members edit 1 set interface "wan1" set zone "sd-wan" next edit 2 set interface "wan2" set zone "sd-wan" next end config health-check edit "Default_Ping" set server "1.1.1.1" "9.9.9.9" set members 0 next end end -
-
View the interface settings for wan1 and wan2 to see the mode is set to DHCP:
-
View settings for wan1:
show system interface wan1 config system interface edit "wan1" set vdom "root" set mode dhcp set allowaccess ping fgfm set type physical set role wan set snmp-index 3 config ipv6 set ip6-mode dhcp set ip6-allowaccess ping end next end -
View settings for wan2:
show system interface wan2 config system interface edit "wan2" set vdom "root" set mode dhcp set allowaccess ping set type physical set role wan set snmp-index 4 config ipv6 set ip6-mode dhcp set ip6-allowaccess ping end next end
-
-
View the default firewall policy that utilizes the SD-WAN zone.
show firewall policy config firewall policy edit 1 set uuid 119c2598-b5ab-51f0-2303-861480a28741 set srcintf "lan" set dstintf "sd-wan" set action accept set srcaddr "all" set dstaddr "all" set schedule "always" set service "ALL" set nat enable next end