Although SD-WAN Orchestrator MEA is used to configure SD-WAN networks, you use FortiManager to define and install firewall policies to the FortiGates in an SD-WAN network. It is recommended to configure the SD-WAN network before you install firewall policies to FortiGate devices.
Before installing firewall policies, it is recommended to insert the policy block SDWAN_Overlay_PB_EDGE and SDWAN_Overlay_PB_HUB to policy packages, and move the policy blocks to the top. The policy block is automatically maintained by SD-WAN Orchestrator MEA. The policy block allows health-check packets and negotiation packets for IPsec tunnels between devices.
For details about using FortiManager to install firewall policies, see the FortiManager Administration Guide.