Fortinet black logo

Administration Guide

SD-WAN templates

SD-WAN templates

You can use SD-WAN templates to configure SD-WAN for one or more devices. When you assign SD-WAN templates to a device, you are using SD-WAN central management.

If you want to use SD-WAN per-device management, do not assign SD-WAN templates to devices, and see Device DB - System SD-WAN.

SD-WAN templates help you do the following:

  • Deploy a single SD-WAN template from FortiManager across multiple FortiGate devices.
  • Perform a zero-touch deployment without manual configuration locally at the FortiGate devices.
  • Roll out a uniform SD-WAN configuration across your network.
  • Eliminate errors in SD-WAN configuration across multiple FortiGate devices since the SD-WAN template is applied centrally from FortiManager.
  • Monitor network Performance SLA across multiple FortiGate devices centrally from FortiManager.
  • Monitor the performance of your SD-WAN with multiple views.
Note

If you are implementing overlays (IPsec tunnels) in your SD-WAN solution, you may consider SD-WAN Overlay Templates to automate and simplify the process using Fortinet's recommended IPsec and BGP templates. See SD-WAN overlay templates.

Using SD-WAN templates consists of the following steps:

  1. Create an SD-WAN template. See SD-WAN templates.
  2. Assign the SD-WAN templates to FortiGate devices and device groups. See Assign SD-WAN templates to devices and device groups.
  3. Install device settings using the Install Wizard. See Install device settings only.

    Templates should be executed in the following order:

    1. Interface template
    2. IPsec template
    3. SD-WAN template
  4. Go to SD-WAN > Monitor to monitor the FortiGate devices. See SD-WAN Monitor .

The SD-WAN template takes effect on the FortiGate device only after it is installed using the Install Wizard. After installing the SD-WAN template on the FortiGate device, changing settings in SD-WAN, Performance SLA, or SD-WAN Rules locally on the FortiGate device will result in the SD-WAN template on the FortiManager being out of sync with the FortiGate device. You must configure the same settings on the FortiManager SD-WAN template, and install it again by using the Install Wizard to be in sync with the settings on the FortiGate.

Tooltip

Some FortiGate model devices include a default policy to allow initial management access to the device using a specified interface.

As SD-WAN members may not use interfaces that are referenced directly in firewall policies, you must remove this reference by deleting the policy before installing the SD-WAN template.

This can be done manually through the CLI or GUI, or by installing a new policy package to the device that does not contain the default policy.

SD-WAN templates

You can use SD-WAN templates to configure SD-WAN for one or more devices. When you assign SD-WAN templates to a device, you are using SD-WAN central management.

If you want to use SD-WAN per-device management, do not assign SD-WAN templates to devices, and see Device DB - System SD-WAN.

SD-WAN templates help you do the following:

  • Deploy a single SD-WAN template from FortiManager across multiple FortiGate devices.
  • Perform a zero-touch deployment without manual configuration locally at the FortiGate devices.
  • Roll out a uniform SD-WAN configuration across your network.
  • Eliminate errors in SD-WAN configuration across multiple FortiGate devices since the SD-WAN template is applied centrally from FortiManager.
  • Monitor network Performance SLA across multiple FortiGate devices centrally from FortiManager.
  • Monitor the performance of your SD-WAN with multiple views.
Note

If you are implementing overlays (IPsec tunnels) in your SD-WAN solution, you may consider SD-WAN Overlay Templates to automate and simplify the process using Fortinet's recommended IPsec and BGP templates. See SD-WAN overlay templates.

Using SD-WAN templates consists of the following steps:

  1. Create an SD-WAN template. See SD-WAN templates.
  2. Assign the SD-WAN templates to FortiGate devices and device groups. See Assign SD-WAN templates to devices and device groups.
  3. Install device settings using the Install Wizard. See Install device settings only.

    Templates should be executed in the following order:

    1. Interface template
    2. IPsec template
    3. SD-WAN template
  4. Go to SD-WAN > Monitor to monitor the FortiGate devices. See SD-WAN Monitor .

The SD-WAN template takes effect on the FortiGate device only after it is installed using the Install Wizard. After installing the SD-WAN template on the FortiGate device, changing settings in SD-WAN, Performance SLA, or SD-WAN Rules locally on the FortiGate device will result in the SD-WAN template on the FortiManager being out of sync with the FortiGate device. You must configure the same settings on the FortiManager SD-WAN template, and install it again by using the Install Wizard to be in sync with the settings on the FortiGate.

Tooltip

Some FortiGate model devices include a default policy to allow initial management access to the device using a specified interface.

As SD-WAN members may not use interfaces that are referenced directly in firewall policies, you must remove this reference by deleting the policy before installing the SD-WAN template.

This can be done manually through the CLI or GUI, or by installing a new policy package to the device that does not contain the default policy.