Fortinet black logo

SD-WAN Orchestrator 6.4.1 r4 Release Notes

Home FortiManager 6.4.3 SD-WAN Orchestrator 6.4.1 r4 Release Notes

What’s new

6.4.3
6.4.3
Copy Link
Copy Doc ID 9c48a92f-2612-11eb-96b9-00505692583a:226277
Download PDF

What’s new

This section identifies new features and enhancements available with SD-WAN Orchestrator MEA 6.4.1 r4.

For information about what's new in FortiManager 6.4, see the FortiManager 6.4 New Features Guide.

FortiGate 40F/40F-3G4G models

SD-WAN Orchestrator MEA now supports the following FortiGate models:

  • FortiGate 40F
  • FortiGate 40F-3G4G

These FortiGate models support a special WAN interface named wwan. After inserting a 3G or 4G SIM card into the slot, the device can connect to the Internet through telecommunication operators.

The wwan interface only supports ISP link type of LTE. Other settings link a normal WAN interface.

For these FortiGate models, a special wan port named wwan is available on the Device > Profile > Network > WAN page.

FortiGate 60E-DSL/60E-DLSJ models

SD-WAN Orchestrator MEA now supports the following FortiGate models:

  • FortiGate 60E-DSL
  • FortiGate 60E-DSLJ

These FortiGate models include a built-in DSL (ADSL/VDSL) modem. The DSL port is recognized as a special WAN interface named dsl.

For these FortiGate models, a special WAN port named dsl is available in the Device/Profile > Network > WAN page.

FortiWiFi 60E/61E models

SD-WAN Orchestrator MEA now supports the following FortiWiFi models:

  • FortiWiFi 60E
  • FortiWiFi 61E

These models include a built-in dual-band, dual-stream access point with internal integrated antennas, and provide speedy 802.11ac wireless access.

The settings of built-in WiFi interface are the same as other managed AP settings.

For these FortiWiFi models, a built-in AP template is available in Profile > Network > LAN > Switch/AP page.

Aggregate WAN interface

Support to create an aggregate interface for WAN ports. Add an aggregate interface first, and edit it to add interface members.

Note

Aggregate LAN interface was introduced in the SD-WAN Orchestrator MEA 6.4.1.r3 release.

Dual hub devices

Support dual Hub devices in one region to improve system availability and stability. A device can be added to a region as one of the following role types:

  • Primary_Hub
  • Secondary_Hub
  • Edge

Edge devices will establish dialup or site-to-site overlay links with both hubs in the same region, and forward outbound traffic through all these overlay links by auto-generated or custom business rules. Overlay links to the primary hub have higher priority.

The primary and secondary hubs in one region also establish full-mesh, site-to-site overlay links with both hubs in other regions. Traffic between regions can be forwarded through these links, and links between primary hubs have higher priority.

In addition, the primary and secondary hub in the same region establishes site-to-site overlay links with each other. When incoming traffic reaches the primary hub and finds that all links between the hub and the target edge device are down, traffic is forwarded to the secondary hub through these links and a LAN port, when a new option named Connect to Peer Hub is configured on both hubs. Then the incoming traffic is forwarded to the target edge device subnet when overlay links between the edge and the secondary hub are available.

FortiGate HA AP mode

FortiGate HA (high availability) provides redundancy of the FortiGate network if devices failover. The FortiGate device with a higher node priority is considered the primary device of the HA cluster.

With this new feature, you can add new model devices as HA clusters, and configure existing devices into HA clusters in AP mode by using the + Model Device or Import Devices pages.

Both FortiGate devices must use the same firmware version to be added to the HA cluster.

NAT VIP for VPN connection

This feature supports to establish overlay links between devices, even if both devices are behind a NAT gateway. This feature is useful when FortiGate devices are set up in Cloud platforms, such as AWS, Azure, AliCloud, and so on.

When Use VIP for VPN connection is enabled, and a VIP address is configured on a WAN port, IPsec tunnels will be established with the VIP address instead of the intranet IP address.

FortiGate serial number replacement

Sometimes FortiGate devices need replacement. When you replace a FortiGate device, the new FortiGate has a new serial number. FortiManager lets you execute the device serial number replacement and reclaim the FGFM tunnel. After this procedure, the new FortiGate device continues working in both FortiManager and SD-WAN Orchestrator MEA without adding it again.

Underlay SD-WAN member SLA monitor

Integrate new Secure SD-WAN Monitor feature from FortiView, including SD-WAN Rules Utilization and SD-WAN Underlay Performance Status diagram to Monitor > Devices > Overview page, and adjust some other features in other monitoring pages.

Additional enhancements

SD-WAN Orchestrator MEA 6.4.1 r4 also includes the following additional enhancements:

  • Improve performance of retrieving monitoring data from FortiGate
  • Improve performance of installing in parallel from multiple ADOMs
  • Add custom column for device table and other tables with many attributes
  • Make SYNC logs formatted and readable
Previous
Next

What’s new

This section identifies new features and enhancements available with SD-WAN Orchestrator MEA 6.4.1 r4.

For information about what's new in FortiManager 6.4, see the FortiManager 6.4 New Features Guide.

FortiGate 40F/40F-3G4G models

SD-WAN Orchestrator MEA now supports the following FortiGate models:

  • FortiGate 40F
  • FortiGate 40F-3G4G

These FortiGate models support a special WAN interface named wwan. After inserting a 3G or 4G SIM card into the slot, the device can connect to the Internet through telecommunication operators.

The wwan interface only supports ISP link type of LTE. Other settings link a normal WAN interface.

For these FortiGate models, a special wan port named wwan is available on the Device > Profile > Network > WAN page.

FortiGate 60E-DSL/60E-DLSJ models

SD-WAN Orchestrator MEA now supports the following FortiGate models:

  • FortiGate 60E-DSL
  • FortiGate 60E-DSLJ

These FortiGate models include a built-in DSL (ADSL/VDSL) modem. The DSL port is recognized as a special WAN interface named dsl.

For these FortiGate models, a special WAN port named dsl is available in the Device/Profile > Network > WAN page.

FortiWiFi 60E/61E models

SD-WAN Orchestrator MEA now supports the following FortiWiFi models:

  • FortiWiFi 60E
  • FortiWiFi 61E

These models include a built-in dual-band, dual-stream access point with internal integrated antennas, and provide speedy 802.11ac wireless access.

The settings of built-in WiFi interface are the same as other managed AP settings.

For these FortiWiFi models, a built-in AP template is available in Profile > Network > LAN > Switch/AP page.

Aggregate WAN interface

Support to create an aggregate interface for WAN ports. Add an aggregate interface first, and edit it to add interface members.

Note

Aggregate LAN interface was introduced in the SD-WAN Orchestrator MEA 6.4.1.r3 release.

Dual hub devices

Support dual Hub devices in one region to improve system availability and stability. A device can be added to a region as one of the following role types:

  • Primary_Hub
  • Secondary_Hub
  • Edge

Edge devices will establish dialup or site-to-site overlay links with both hubs in the same region, and forward outbound traffic through all these overlay links by auto-generated or custom business rules. Overlay links to the primary hub have higher priority.

The primary and secondary hubs in one region also establish full-mesh, site-to-site overlay links with both hubs in other regions. Traffic between regions can be forwarded through these links, and links between primary hubs have higher priority.

In addition, the primary and secondary hub in the same region establishes site-to-site overlay links with each other. When incoming traffic reaches the primary hub and finds that all links between the hub and the target edge device are down, traffic is forwarded to the secondary hub through these links and a LAN port, when a new option named Connect to Peer Hub is configured on both hubs. Then the incoming traffic is forwarded to the target edge device subnet when overlay links between the edge and the secondary hub are available.

FortiGate HA AP mode

FortiGate HA (high availability) provides redundancy of the FortiGate network if devices failover. The FortiGate device with a higher node priority is considered the primary device of the HA cluster.

With this new feature, you can add new model devices as HA clusters, and configure existing devices into HA clusters in AP mode by using the + Model Device or Import Devices pages.

Both FortiGate devices must use the same firmware version to be added to the HA cluster.

NAT VIP for VPN connection

This feature supports to establish overlay links between devices, even if both devices are behind a NAT gateway. This feature is useful when FortiGate devices are set up in Cloud platforms, such as AWS, Azure, AliCloud, and so on.

When Use VIP for VPN connection is enabled, and a VIP address is configured on a WAN port, IPsec tunnels will be established with the VIP address instead of the intranet IP address.

FortiGate serial number replacement

Sometimes FortiGate devices need replacement. When you replace a FortiGate device, the new FortiGate has a new serial number. FortiManager lets you execute the device serial number replacement and reclaim the FGFM tunnel. After this procedure, the new FortiGate device continues working in both FortiManager and SD-WAN Orchestrator MEA without adding it again.

Underlay SD-WAN member SLA monitor

Integrate new Secure SD-WAN Monitor feature from FortiView, including SD-WAN Rules Utilization and SD-WAN Underlay Performance Status diagram to Monitor > Devices > Overview page, and adjust some other features in other monitoring pages.

Additional enhancements

SD-WAN Orchestrator MEA 6.4.1 r4 also includes the following additional enhancements:

  • Improve performance of retrieving monitoring data from FortiGate
  • Improve performance of installing in parallel from multiple ADOMs
  • Add custom column for device table and other tables with many attributes
  • Make SYNC logs formatted and readable
Previous
Next