Upgrading from FortiManager, SD-WAN Orchestrator MEA, and FortiOS 6.4.0 to 6.4.1
In this scenario, you are starting the upgrade with the following items:
- FortiManager 6.4.0 with ADOMs enabled.
- SD-WAN Orchestrator MEA 6.4.0
- FortiGates running FortiOS 6.4.0
In FortiManager, a 6.4 ADOM contains the FortiGates.
To upgrade SD-WAN Orchestrator MEA:
- Upgrade FortiManager to 6.4.1.
After FortiManager reboots, SD-WAN Orchestrator MEA is automatically upgraded to 6.4.1.
- In FortiManager, upgrade FortiOS from 6.4.0 to 6.4.1.
- Go to Device Manager > Firmware.
The Upgrade Available column displays 6.4.1.
- Select the FortiGates, and click Upgrade.
When the firmware upgrade completes, click Close.
- Go to Device Manager > Firmware.
- Initiate the creation of normalized interfaces and new policy blocks by going to Management Extensions > SD-WAN Orchestrator MEA.
In FortiManager, you can view the new policy blocks by going to Policy & Objects > Policy Packages, and expanding the Policy Blocks tree menu. The following policy blocks are created:
- SDWAN_Overlay_PB_EDGE
- SDWAN_Overlay_PB_HUB
You can view normalized interfaces by going to Policy & Objects > Object Configuration > Normalized Interface. The following normalized interfaces with per-platform mappings are created:
- overlay_edge2hub
- overlay_hub2edge
- overlay_hub2hub
- underlay
- sdwan_loopback
The interfaces are used by the automatically-generated policy blocks or by other custom policies.
- In FortiManager, append new policy blocks to policy packages used by hub and spoke devices.
- Go to Policy & Objects > Policy Packages.
- In the tree menu, select the policy package for the hub device, and from the Policy Block menu, select Append Policy Block.
The Insert Policy Block dialog box appears.
- From the list, select the policy block for hub devices, and click OK.
- Repeat this procedure for edge devices, if necessary.
- Delete from the policy package the policy block named SDWAN_Overlay_PB that was created in 6.4.0.
- Add other policies if necessary.
- In SD-WAN Orchestrator MEA, install all configurations.
- Go to Management Extensions > SD-WAN Orchestrator MEA.
- Go to Configuration > Device, and click the Install all configuration button.
- In FortiManager, install policy packages to hub and edge devices.
- Check the configuration on FortiGate for the following changes:
- SD-WAN configuration is migrated to
config system sdwan
. - New SD-WAN zones are created, and member interfaces have been added to corresponding zones.
- Business rules remain unchanged, and SLA is up.
- Firewall policies have been updated.
- SD-WAN configuration is migrated to