Fortinet black logo

SD-WAN Orchestrator 7.0.0.r2 Administration Guide

Creating new WAN settings

7.0.0
Copy Link
Copy Doc ID 844953e4-d45d-11eb-97f7-00505692583a:544512
Download PDF

Creating new WAN settings

When creating a profile, you can also create new WAN settings.

FortiGate 40F-3G4G model supports a special WAN interface for Wireless Wide Area Networks (WWAN). When you insert a 3G or 4G SIM card into the WWAN interface slot of the device, you can connect to the Internet by using telecommunication operators. If you add this type of FortiGate with WWAN enabled to SD-WAN Orchestrator MEA, a WWAN port is available for configuration.

To create new WAN settings:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Network tab.

    The Network pane is displayed. For a description of the options, see Network tab.

  4. Expand the WAN section, and click +Create New.

    The WAN dialog box is displayed.

  5. In the Name box, type a name for the WAN settings.
  6. In the Port Type box, select the port, and complete the options.

    Port Type

    Description

    VLAN

    Select to configure a virtual interface.

    Aggregate

    Select to configure an aggregate virtual interface.

    Hard_Switch

    Select to configure a hardware switch. A hardware switch is a virtual switch interface that groups different ports together. FortiGate uses the group of ports as a single interface.

    Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level. For example, the FortiGate 60E/61E series supports hardware switches.

    Soft_Switch

    Select to configure a software switch. A software switch is a virtual switch interface that is implemented at the software or firmware level and not at the hardware level. FortiGate uses the group of ports as a single interface.

    Extender

    Select to configure FortiExtender as a WAN port. See also Creating profiles with FortiExtender WAN ports.

  7. Complete the remaining options, and click OK.

    Option

    Description

    Physical Port

    Available when Port Type set to VLAN.

    Select the port number.

    Displays wwan for FortiGate 40F-3G4G models with enabled WWAN ports.

    VLAN ID

    Available when Port Type is set to VLAN.

    Type an ID for the VLAN.

    Enable SDWAN

    Toggle on to enable the interface. Toggle off to disable the interface.

    Interface Status

    Available when Enable SDWAN is toggled OFF.

    Overlay links are not initiated on a WAN port with the following settings:

    • Enable SDWAN is toggled OFF.
    • Interface Status is set to UP.
    • Mode is set to STATIC.

    However, overlay links can be established on VLAN ports that are based on the physical WAN port.

    ISP Link

    Available for edge devices when VPN Mode with Hub is set to SITE_TO_SITE on the General tab.

    VPN Connect to Hub ISP Link

    Available for edge devices when VPN Mode with Hub is set to SITE_TO_SITE on the General tab.

    When configuring WWAN interfaces, select an LTE type of ISP link, such as DEFAULT_ISP_LTE_1. Any other setting will disable the wwan feature.

    ADVPN

    Available for edge devices when VPN Mode with Hub is set to DIAL_UP on the General tab.

    On hub devices, select one of the following options:

    • NONE - ADVPN is disabled. Edge devices from the same region will communicate with each other by forwarding packets through their region's hub.
    • INSIDE_REGION - Shortcut tunnels are triggered by traffic and established only inside a region.

    On edge devices, toggle ADVPN on to enable ADVPN. Toggle off to disable ADVPN.

    Mode

    Select a mode.

    Use VIP for VPN Connection

    Toggle on to enable VIP mapping for the WAN port.

    This feature allows overlay tunnels to be established when FortiGate devices are deployed on Cloud platforms, such as AWS, Azure, and on. It also helps establish overlay links between devices when both devices are behind a NAT gateway.

    VIP Address

    Available when Use VIP for VPN Connection is on.

    Type the VIP address for the device. When enabled, tunnels are established with the VIP address instead of the intranet IP address.

    If the FortiGate is deployed on a Cloud platform, contact the Cloud operator to obtain the public IP address .

    Estimated Upstream Bandwidth

    Leave the default value, or specify an estimated value.

    Estimated Downstream Bandwidth

    Leave the default value, or specify an estimated value.

    Access Types

    Select one or more types of access.

    The WAN settings are created.

  8. If you set Port Type to Aggregate, open the WAN settings for editing, select interface members, and click OK.

    Interface members are added to the WAN settings.

Creating new WAN settings

When creating a profile, you can also create new WAN settings.

FortiGate 40F-3G4G model supports a special WAN interface for Wireless Wide Area Networks (WWAN). When you insert a 3G or 4G SIM card into the WWAN interface slot of the device, you can connect to the Internet by using telecommunication operators. If you add this type of FortiGate with WWAN enabled to SD-WAN Orchestrator MEA, a WWAN port is available for configuration.

To create new WAN settings:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Network tab.

    The Network pane is displayed. For a description of the options, see Network tab.

  4. Expand the WAN section, and click +Create New.

    The WAN dialog box is displayed.

  5. In the Name box, type a name for the WAN settings.
  6. In the Port Type box, select the port, and complete the options.

    Port Type

    Description

    VLAN

    Select to configure a virtual interface.

    Aggregate

    Select to configure an aggregate virtual interface.

    Hard_Switch

    Select to configure a hardware switch. A hardware switch is a virtual switch interface that groups different ports together. FortiGate uses the group of ports as a single interface.

    Supported FortiGate models have a default hardware switch called either internal or lan. The hardware switch is supported by the chipset at the hardware level. For example, the FortiGate 60E/61E series supports hardware switches.

    Soft_Switch

    Select to configure a software switch. A software switch is a virtual switch interface that is implemented at the software or firmware level and not at the hardware level. FortiGate uses the group of ports as a single interface.

    Extender

    Select to configure FortiExtender as a WAN port. See also Creating profiles with FortiExtender WAN ports.

  7. Complete the remaining options, and click OK.

    Option

    Description

    Physical Port

    Available when Port Type set to VLAN.

    Select the port number.

    Displays wwan for FortiGate 40F-3G4G models with enabled WWAN ports.

    VLAN ID

    Available when Port Type is set to VLAN.

    Type an ID for the VLAN.

    Enable SDWAN

    Toggle on to enable the interface. Toggle off to disable the interface.

    Interface Status

    Available when Enable SDWAN is toggled OFF.

    Overlay links are not initiated on a WAN port with the following settings:

    • Enable SDWAN is toggled OFF.
    • Interface Status is set to UP.
    • Mode is set to STATIC.

    However, overlay links can be established on VLAN ports that are based on the physical WAN port.

    ISP Link

    Available for edge devices when VPN Mode with Hub is set to SITE_TO_SITE on the General tab.

    VPN Connect to Hub ISP Link

    Available for edge devices when VPN Mode with Hub is set to SITE_TO_SITE on the General tab.

    When configuring WWAN interfaces, select an LTE type of ISP link, such as DEFAULT_ISP_LTE_1. Any other setting will disable the wwan feature.

    ADVPN

    Available for edge devices when VPN Mode with Hub is set to DIAL_UP on the General tab.

    On hub devices, select one of the following options:

    • NONE - ADVPN is disabled. Edge devices from the same region will communicate with each other by forwarding packets through their region's hub.
    • INSIDE_REGION - Shortcut tunnels are triggered by traffic and established only inside a region.

    On edge devices, toggle ADVPN on to enable ADVPN. Toggle off to disable ADVPN.

    Mode

    Select a mode.

    Use VIP for VPN Connection

    Toggle on to enable VIP mapping for the WAN port.

    This feature allows overlay tunnels to be established when FortiGate devices are deployed on Cloud platforms, such as AWS, Azure, and on. It also helps establish overlay links between devices when both devices are behind a NAT gateway.

    VIP Address

    Available when Use VIP for VPN Connection is on.

    Type the VIP address for the device. When enabled, tunnels are established with the VIP address instead of the intranet IP address.

    If the FortiGate is deployed on a Cloud platform, contact the Cloud operator to obtain the public IP address .

    Estimated Upstream Bandwidth

    Leave the default value, or specify an estimated value.

    Estimated Downstream Bandwidth

    Leave the default value, or specify an estimated value.

    Access Types

    Select one or more types of access.

    The WAN settings are created.

  8. If you set Port Type to Aggregate, open the WAN settings for editing, select interface members, and click OK.

    Interface members are added to the WAN settings.