Fortinet black logo

SD-WAN Orchestrator 6.4.1 r7 Administration Guide

Creating new LAN settings

6.4.6
Copy Link
Copy Doc ID 6173f038-d5de-11eb-97f7-00505692583a:957486
Download PDF

Creating new LAN settings

When creating a profile, you can also create new LAN settings.

When creating profiles for primary hubs and secondary hubs in a region, you can optionally configure LAN ports for each hub to define communication between them by using the Connect to Peer Hub option. When LAN ports are configured for both hubs in a region, they are connected by site-to-site VPN and LAN, and the LAN port has higher priority than the VPN tunnels in business rules.

To create new LAN settings:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Network tab.

    The Network pane is displayed. For a description of the options, see Network tab.

  4. Expand the LAN section, and click +Create New.

    The LAN dialog box is displayed.

  5. In the Name box, type a name for the LAN settings.
  6. In the Port Type box, select the port, and complete the options.

    Port Type

    Description

    VLAN

    Select to configure a virtual interface.

    WiFi_SSID

    Select to configure a wireless network interface (SSID).

    Aggregate

    Select to configure an aggregate virtual interface.

    Hard_Switch

    Select to configure a hardware switch. A hardware switch is a virtual switch interface that groups different ports together. FortiGate uses the group of ports as a single interface.

    Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level. For example, the FortiGate 60E/61E series supports hardware switches.

    Soft_Switch

    Select to configure a software switch. A software switch is a virtual switch interface that is implemented at the software or firmware level and not at the hardware level. FortiGate uses the group of ports as a single interface.

  7. Complete the remaining options, and click OK.

    Option

    Description

    Connect to Peer Hub

    Available when configuring profiles for primary or secondary hubs.

    Toggle on to configure LAN communication between a primary hub and a secondary hub in a region. You must enable this option in the profile for the primary hub and the profile for the secondary hub to enable communication for the interface.

    Allow Overlap Between Devices

    For edge devices, toggle on to allow overlap between devices. Toggle off to disable this feature.

    For primary hub devices, toggle on to configure the local address and peer hub address for the LAN port to communicate between the primary and secondary hubs.

    For secondary hubs, this feature is disabled and cannot be enabled.

    IP Address

    Available when Allow Overlap Between Devices is enabled.

    Peer Hub's IP Address

    Available when Allow Overlap Between Devices is enabled.

    IP Auto Assign

    Available when Allow Overlap Between Devices is disabled.

    Toggle on to automatically assign IP addresses. Toggle off to disable this feature.

    IP Pool

    Available when IP Auto Assign is enabled.

    Specify a pool of IP addresses to be used for SD-WAN Orchestrator MEA to automatically assign.

    Subnet Mask Length

    Available when IP Auto Assign is enabled.

    Specify the length of the subnet mask.

    DHCP Mode

    Specify whether to use DHCP for automatic IP assignment. Select one of the following options:

    • None - DHCP is not used.
    • Server - Enable DHCP server.
    • Relay - Enable DHCP relay agent.

    Access Types

    Select the types of access to allow on the interface.

    Interface Members

    Available when Port Type is set to Hard_Switch or Soft_Switch.

    Select the ports to include in the interface group.

    The LAN settings are saved.

  8. If you set Port Type to AGGREGATE, open the LAN settings for editing, select interface members, and click OK.

    Interface members are added to the LAN settings.

Creating new LAN settings

When creating a profile, you can also create new LAN settings.

When creating profiles for primary hubs and secondary hubs in a region, you can optionally configure LAN ports for each hub to define communication between them by using the Connect to Peer Hub option. When LAN ports are configured for both hubs in a region, they are connected by site-to-site VPN and LAN, and the LAN port has higher priority than the VPN tunnels in business rules.

To create new LAN settings:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Network tab.

    The Network pane is displayed. For a description of the options, see Network tab.

  4. Expand the LAN section, and click +Create New.

    The LAN dialog box is displayed.

  5. In the Name box, type a name for the LAN settings.
  6. In the Port Type box, select the port, and complete the options.

    Port Type

    Description

    VLAN

    Select to configure a virtual interface.

    WiFi_SSID

    Select to configure a wireless network interface (SSID).

    Aggregate

    Select to configure an aggregate virtual interface.

    Hard_Switch

    Select to configure a hardware switch. A hardware switch is a virtual switch interface that groups different ports together. FortiGate uses the group of ports as a single interface.

    Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level. For example, the FortiGate 60E/61E series supports hardware switches.

    Soft_Switch

    Select to configure a software switch. A software switch is a virtual switch interface that is implemented at the software or firmware level and not at the hardware level. FortiGate uses the group of ports as a single interface.

  7. Complete the remaining options, and click OK.

    Option

    Description

    Connect to Peer Hub

    Available when configuring profiles for primary or secondary hubs.

    Toggle on to configure LAN communication between a primary hub and a secondary hub in a region. You must enable this option in the profile for the primary hub and the profile for the secondary hub to enable communication for the interface.

    Allow Overlap Between Devices

    For edge devices, toggle on to allow overlap between devices. Toggle off to disable this feature.

    For primary hub devices, toggle on to configure the local address and peer hub address for the LAN port to communicate between the primary and secondary hubs.

    For secondary hubs, this feature is disabled and cannot be enabled.

    IP Address

    Available when Allow Overlap Between Devices is enabled.

    Peer Hub's IP Address

    Available when Allow Overlap Between Devices is enabled.

    IP Auto Assign

    Available when Allow Overlap Between Devices is disabled.

    Toggle on to automatically assign IP addresses. Toggle off to disable this feature.

    IP Pool

    Available when IP Auto Assign is enabled.

    Specify a pool of IP addresses to be used for SD-WAN Orchestrator MEA to automatically assign.

    Subnet Mask Length

    Available when IP Auto Assign is enabled.

    Specify the length of the subnet mask.

    DHCP Mode

    Specify whether to use DHCP for automatic IP assignment. Select one of the following options:

    • None - DHCP is not used.
    • Server - Enable DHCP server.
    • Relay - Enable DHCP relay agent.

    Access Types

    Select the types of access to allow on the interface.

    Interface Members

    Available when Port Type is set to Hard_Switch or Soft_Switch.

    Select the ports to include in the interface group.

    The LAN settings are saved.

  8. If you set Port Type to AGGREGATE, open the LAN settings for editing, select interface members, and click OK.

    Interface members are added to the LAN settings.