Fortinet white logo
Fortinet white logo

Administration Guide

Zones and interface members

Zones and interface members

When creating an SD-WAN template, you can create SD-WAN zones and add interface members. Normalized interfaces are not supported for SD-WAN templates. You must bind the interface members by name to physical interfaces or VPN interfaces.

You can select SD-WAN zones as source and destination interfaces in firewall policies. You cannot select interface members of SD-WAN zones in firewall policies.

The default SD-WAN zone is named virtual-wan-link.

You can use meta fields of type Device VDOM for interface members and gateway IP addresses. The following example shows the Interface Member option and the Gateway IP option with meta fields:

This topic describes how to create SD-WAN interface members. It also describes how to create SD-WAN zones and add interface members. It also describes how to edit and delete interface members.

To create SD-WAN interface members:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing, or click Create New in the toolbar.

    The SD-WAN template opens.

  3. In the Interface Members section, click Create New > SD-WAN Member. The Create New SD-WAN Interface Member page opens.

  4. Enter the following information, then click OK to create the new WAN interface:

    Sequence Number

    Type a number to identify the sequence of the interface in the SD-WAN zone.

    Interface Member

    Type the name of the port.

    You can use meta fields for Interface Members.

    SD-WAN Zone

    Select the SD-WAN zone for the interface member.

    Gateway IP

    The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    You can use meta fields for Gateway IP.

    Status

    Toggle On to enable the interface member. Toggle Off to disable the interface member.

    The interface member is added to the SD-WAN zone.

To create SD-WAN zones:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click an SD-WAN template to open it for editing, or click Create New in the toolbar.

    The SD-WAN template opens.

  3. In the Interface Members section, click Create New > SD-WAN Zone. The Create New WAN Interface page opens.

  4. Enter the following information, and click OK:

    Name

    Type a name for the SD-WAN zone.

    Interface Members

    Click the box to select interface members for the zone.

    Advanced Options

    Expand to specify advanced options.

    The SD-WAN zone with interface members is created.

To edit an interface member:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing.

    The SD-WAN template opens.

  3. In the Interface Members section, double-click an interface member to open it for editing.

    The Edit SD-WAN Interface Member page is displayed.

  4. Edit the interface as required, and click OK to apply your changes.
To delete an interface member or members:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing.

    The SD-WAN template opens.

  3. Select the interface or interfaces from the list and click Delete in the toolbar, or right-click the interface and select Delete.

    A Confirm Deletion page is displayed.

  4. Click OK in the confirmation dialog box to delete the interface or interfaces.

Zones and interface members

Zones and interface members

When creating an SD-WAN template, you can create SD-WAN zones and add interface members. Normalized interfaces are not supported for SD-WAN templates. You must bind the interface members by name to physical interfaces or VPN interfaces.

You can select SD-WAN zones as source and destination interfaces in firewall policies. You cannot select interface members of SD-WAN zones in firewall policies.

The default SD-WAN zone is named virtual-wan-link.

You can use meta fields of type Device VDOM for interface members and gateway IP addresses. The following example shows the Interface Member option and the Gateway IP option with meta fields:

This topic describes how to create SD-WAN interface members. It also describes how to create SD-WAN zones and add interface members. It also describes how to edit and delete interface members.

To create SD-WAN interface members:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing, or click Create New in the toolbar.

    The SD-WAN template opens.

  3. In the Interface Members section, click Create New > SD-WAN Member. The Create New SD-WAN Interface Member page opens.

  4. Enter the following information, then click OK to create the new WAN interface:

    Sequence Number

    Type a number to identify the sequence of the interface in the SD-WAN zone.

    Interface Member

    Type the name of the port.

    You can use meta fields for Interface Members.

    SD-WAN Zone

    Select the SD-WAN zone for the interface member.

    Gateway IP

    The default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    You can use meta fields for Gateway IP.

    Status

    Toggle On to enable the interface member. Toggle Off to disable the interface member.

    The interface member is added to the SD-WAN zone.

To create SD-WAN zones:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click an SD-WAN template to open it for editing, or click Create New in the toolbar.

    The SD-WAN template opens.

  3. In the Interface Members section, click Create New > SD-WAN Zone. The Create New WAN Interface page opens.

  4. Enter the following information, and click OK:

    Name

    Type a name for the SD-WAN zone.

    Interface Members

    Click the box to select interface members for the zone.

    Advanced Options

    Expand to specify advanced options.

    The SD-WAN zone with interface members is created.

To edit an interface member:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing.

    The SD-WAN template opens.

  3. In the Interface Members section, double-click an interface member to open it for editing.

    The Edit SD-WAN Interface Member page is displayed.

  4. Edit the interface as required, and click OK to apply your changes.
To delete an interface member or members:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Templates.

    The SD-WAN templates are displayed in the content pane.

  2. Double-click a template to open it for editing.

    The SD-WAN template opens.

  3. Select the interface or interfaces from the list and click Delete in the toolbar, or right-click the interface and select Delete.

    A Confirm Deletion page is displayed.

  4. Click OK in the confirmation dialog box to delete the interface or interfaces.