Fortinet black logo

SD-WAN Orchestrator 6.4.1 r7 Administration Guide

Creating profiles for hub devices

6.4.6
Copy Link
Copy Doc ID 6173f038-d5de-11eb-97f7-00505692583a:650952
Download PDF

Creating profiles for hub devices

Before you create a profile, you should create all of the needed shared resources, so you can select them in the profile. See Shared resources.

Each region can have one primary hub and one secondary hub. The secondary hub is for redundancy and is optional.

You should create a profile for each device type in the SD-WAN network. If you plan to use primary and secondary hubs, you should create a profile for primary hubs and a profile for secondary hubs.

To create profiles for hub devices:
  1. Go to Configuration > Profile.
  2. In the toolbar, click +Create New.
  3. Configure the profile settings.

    The following table identifies settings that are specific to configuring a hub device. You can set the remaining settings as desired.

    Option

    Description

    Device Role

    Select PRIMARY_HUB to create a profile for primary hubs.

    Select SECONDARY_HUB to create a profile for secondary hubs.

    VPN Mode with Edge

    Select one of the following options to connect the hub device with edge devices:

    • Select DIAL_UP to create one-to-one overlay links between the hub device and its edge devices. When you select DIAL_UP, you can enable ADVPN on the Network tab in the WAN settings.
    • Select DIAL_UP_FULL_MESH to create full-mesh overlay links on WAN ports between hub devices and edge devices in the same region.
    • Select SITE_TO_SITE to create full-mesh overlay links between the hub device and its edge devices in the same region.

    VDOM Mode

    Toggle on to create a profile for a FortiGate VDOM.

    Toggle off to disable this feature.

    Max Edge Count

    Available when VPN Mode with Edge is set to DIAL_UP.

    Specify the maximum number of edge devices allowed to connect with the hub device.

    Port Number

    Specify the number of ports on the FortiGate. The number of ports in the FGT VM should be the same number as defined here. Otherwise conflict will occur.

  4. Click OK. The profile is created, and the System tab opens.
  5. Configure the System settings.

    For a description of the options on the System tab, see Profile options described.

  6. Click the Network tab to configure the network settings.

    If you're using primary and secondary hubs in a region, you can optionally configure LAN port communication between the hubs. The LAN port communication is used in addition to the default full-mesh overlay link communication between the hubs.

    1. On the Network tab, expand the LAN section.
    2. Either click Create New, or double-click an interface to open it for updating.

      The LAN options are displayed.

    3. Toggle Connect to Peer Hub to ON.

      You must enable this option in the profile for the primary hub and the profile for the secondary hub.

    4. For primary hub devices, toggle Allow Overlap Between Devices to ON.

      In the IP Address box, type the IP address for the primary hub, and in the Peer Hub's IP Address box, type the IP address for the secondary hub.

      This option is not available for secondary hubs.

    5. Set the remaining options as desired, and click OK to save the WAN configuration.
    6. For a description of the options on the Network tab, see Profile options described.

  7. Click the Business tab to create business rules.

    For a description of the options on the Business tab, see Profile options described.

  8. Click OK.

Creating profiles for hub devices

Before you create a profile, you should create all of the needed shared resources, so you can select them in the profile. See Shared resources.

Each region can have one primary hub and one secondary hub. The secondary hub is for redundancy and is optional.

You should create a profile for each device type in the SD-WAN network. If you plan to use primary and secondary hubs, you should create a profile for primary hubs and a profile for secondary hubs.

To create profiles for hub devices:
  1. Go to Configuration > Profile.
  2. In the toolbar, click +Create New.
  3. Configure the profile settings.

    The following table identifies settings that are specific to configuring a hub device. You can set the remaining settings as desired.

    Option

    Description

    Device Role

    Select PRIMARY_HUB to create a profile for primary hubs.

    Select SECONDARY_HUB to create a profile for secondary hubs.

    VPN Mode with Edge

    Select one of the following options to connect the hub device with edge devices:

    • Select DIAL_UP to create one-to-one overlay links between the hub device and its edge devices. When you select DIAL_UP, you can enable ADVPN on the Network tab in the WAN settings.
    • Select DIAL_UP_FULL_MESH to create full-mesh overlay links on WAN ports between hub devices and edge devices in the same region.
    • Select SITE_TO_SITE to create full-mesh overlay links between the hub device and its edge devices in the same region.

    VDOM Mode

    Toggle on to create a profile for a FortiGate VDOM.

    Toggle off to disable this feature.

    Max Edge Count

    Available when VPN Mode with Edge is set to DIAL_UP.

    Specify the maximum number of edge devices allowed to connect with the hub device.

    Port Number

    Specify the number of ports on the FortiGate. The number of ports in the FGT VM should be the same number as defined here. Otherwise conflict will occur.

  4. Click OK. The profile is created, and the System tab opens.
  5. Configure the System settings.

    For a description of the options on the System tab, see Profile options described.

  6. Click the Network tab to configure the network settings.

    If you're using primary and secondary hubs in a region, you can optionally configure LAN port communication between the hubs. The LAN port communication is used in addition to the default full-mesh overlay link communication between the hubs.

    1. On the Network tab, expand the LAN section.
    2. Either click Create New, or double-click an interface to open it for updating.

      The LAN options are displayed.

    3. Toggle Connect to Peer Hub to ON.

      You must enable this option in the profile for the primary hub and the profile for the secondary hub.

    4. For primary hub devices, toggle Allow Overlap Between Devices to ON.

      In the IP Address box, type the IP address for the primary hub, and in the Peer Hub's IP Address box, type the IP address for the secondary hub.

      This option is not available for secondary hubs.

    5. Set the remaining options as desired, and click OK to save the WAN configuration.
    6. For a description of the options on the Network tab, see Profile options described.

  7. Click the Business tab to create business rules.

    For a description of the options on the Business tab, see Profile options described.

  8. Click OK.