SD-WAN Orchestrator MEA works with FortiManager to configure and monitor SD-WAN networks on FortiGates.
You use SD-WAN Orchestrator MEA to configure SD-WAN networks and assign configurations to FortiGate devices. When you use SD-WAN Orchestrator MEA to apply the configuration to FortiGates, SD-WAN Orchestrator MEA uses the following method to work with FortiManager to install the configurations to FortiGates:
SD-WAN Orchestrator MEA automatically generates CLI scripts of the configuration.
You can view the scripts in FortiManager on the Device Manager > Scripts pane.
- SD-WAN Orchestrator MEA installs the CLI scripts to the Device Manager database in FortiManager.
- FortiManager receives the CLI scripts, and FortiManager installs the configurations to the FortiGates.
When the configuration is installed to FortiGates, the overlay and underlay links between all devices in the SD-WAN network are automatically created.
SD-WAN Orchestrator MEA creates the dynamic interfaces for generated tunnel interfaces. The dynamic interfaces use per-device interface mappings, and you can use them in FortiManager when you create policies. SD-WAN Orchestrator MEA also creates two policy blocks in FortiManager: one for hub devices and one for edge devices. The policy blocks include the necessary firewall policies to allow health check traffic through the VPN tunnels. You can view the policy blocks in FortiManager by going to Policy & Objects > Policy Packages.
You should use SD-WAN Orchestrator MEA for all configuration and monitoring of SD-WAN networks. You should not use FortiManager to configure SD-WAN networks on FortiGates when SD-WAN Orchestrator MEA is enabled.
However you can use FortiManager to configure firewall policies and objects for the FortiGate units in the SD-WAN network after SD-WAN is configured.