Administration Guide

Configuring an SD-WAN overlay template

The SD-WAN overlay template wizard guides you through deployment of SD-WAN overlays in your network. After the configuration of the template is finished, multiple provisioning templates are generated for use in your SD-WAN environment.

Note

The SD-WAN overlay template wizard can be run again to re-generate the provisioning templates later if required. See Editing the SD-WAN overlay template.

To create an SD-WAN overlay template:
  1. Go to Device Manager > Provisioning Templates > SD-WAN Overlay Templates.
  2. Click Create New.
    The Create New SD-WAN Overlay Template wizard opens.
  3. Enter a name and description for the new SD-WAN overlay template, and click OK.
  4. For the Region Settings, configure the following settings and click Next.
    Select New Topology

    Select a topology type based on your environment. Topologies include the following:

    • Single Hub
    • Dual Hub (Primary/Secondary)
    • Dual Hub (Primary/Primary)

    The options presented in the wizard change based on the topology selected.

    Note

    Primary/Secondary and Primary/Primary are the same configuration. The difference is that in a Primary/Secondary deployment, the Secondary hub is given a higher cost than the Primary. This cost is controlled by the SD-WAN rule.

    Advanced

    Expand to view additional configurable settings.

    These fields are preconfigured with settings that will work in many situations, but you may need to adjust them to match your own networking environment. They should match the addresses you identified when considering the SD-WAN overlay template prerequisites. See Template prerequisites and network planning.

     

    Loopback IP Address

    Optionally, you can configure the loopback IP address.

    By default, this setting is set to 172.16.0.0/255.255.0.0.

     

    Overlay Network

    Optionally, you can configure the overlay network.

    By default, this setting is set to 10.10.0.0/255.255.0.0.

     

    BGP-AS Number

    Optionally, you can configure the BGP AS number.

    By default, this setting is set to 65000.

     

    Auto-Discovery VPN

    Optionally, you can toggle this setting ON to enable Auto Discovery VPN (ADVPN).

  5. For the Role Assignment, configure the following settings and click Next.
    Topology

    Optionally, you can change the topology type that you selected on the previous screen.

    Hub

    Select the SD-WAN hubs. The number of hubs required depends on the topology selected:

    • Single Hub: One standalone hub.
    • Dual Hub (Primary & Secondary): One primary and one secondary hub.
    • Dual Hub (Primary & Primary): Two primary hubs.

    Hub devices must be added to FortiManager before creating the SD-WAN overlay template.

    Branch

    Select the device group containing your SD-WAN branch devices.

    Devices included in this device group are configured as SD-WAN branch devices as a part of this template.

    Additional devices can be added to the selected device group later to receive the SD-WAN branch configuration when performing an installation on that device. This simplifies the onboarding of new branch devices. See Onboarding new branch devices.

  6. For the Network Configuration, configure the following settings and click Next.

    Hub

     

    Configure the network settings for each hub in your configuration. The number and types of hubs present depend on the topology you selected.

     

    WAN Underlay

    Type the interfaces for each WAN underlay. You can add additional WAN underlays by clicking the add icon.

    For each WAN underlay, you can optionally enable the following settings:

    • Private Link: No overlays will be created on private links.
    • Override IP: Override the IP address for the WAN underlay with the provided IP address. This option is not available when Private Link is enabled.

     

    Network Advertisement

  7. Configure network advertisement for the hub. Network advertisement can be set to one of the following:
    • Connected: Type the network interface to advertise. Additional interfaces can be added by clicking the add icon.
    • Static: Type the network prefix to advertise. Additional network prefixes can be added by clicking the add icon.

     

    Advanced

    Expand to view advanced settings, including configuration of SD-WAN neighbors.

    Click Neighbors > Create New to add a new SD-WAN neighbor for the hub.

    Branch Route Maps

     

    Optionally, move the toggle to the ON position to enable branch route maps, and then select the corresponding route map. You can create a new route map by clicking the add icon.

    Branch

     

    Configure the network settings for the branch devices in your configuration.

     

    WAN Underlay

    Type the interfaces for the SD-WAN branch WAN underlay. You can add additional WAN underlays by clicking the add icon.

    For each WAN underlay, you can optionally enable the following settings:

    • Private Link: No overlays will be created on private links.

     

    Network Advertisement

    Configure network advertisement for the branch. Network advertisement can be set to one of the following:

      • Connected: Type the network interface to advertise. Additional interfaces can be added by clicking the add icon.
      • Static: Type the network prefix to advertise. Additional network prefixes can be added by clicking the add icon.

     

    Advanced

    Expand to view advanced settings, including configuration of route maps for hub overlays. You can apply the route map settings to all hub overlays or specify them individually.

  8. For the Template Options, configure the following settings and click Next.

    Add Overlay Objects to SD-WAN Template

    Optionally, you can toggle this setting ON to automatically add the overlay objects configured by this template to a new or existing SD-WAN template.

    Select an existing SD-WAN template or click the add icon to create a new SD-WAN template. See SD-WAN templates.

    Add Overlay Interfaces and Zones

    Optionally, you can toggle this setting ON to add overlay interfaces and zones.

    Add Healthcheck Servers for Each HUB as Performance SLA

    Optionally, you can toggle this setting ON to add health check servers for each hub as performance SLAs.

  9. The summary window displays a summary of the SD-WAN overlay configurations that will be created by this template. When you click Finish, multiple provisioning templates are created based on the information you provided. The templates are automatically assigned to the devices specified by the wizard.
  10. Once complete, you can continue to deploy the SD-WAN provisioning templates in your environment. See Using the SD-WAN overlay template.
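
A pre-flight check for the Advanced values in step 4 and the Static prefixes in step 6, as an added example that is not part of the FortiManager documentation or product: it flags planned advertised prefixes that collide with the Loopback IP Address or Overlay Network ranges, and a BGP-AS Number outside the private-use ranges of RFC 6996. The site names and prefixes in the sample plan are constructed, and treating a non-private AS number as a finding is an assumption about local policy.

```python
import ipaddress

# Wizard defaults quoted on this page (address/netmask form).
DEFAULT_LOOPBACK = "172.16.0.0/255.255.0.0"
DEFAULT_OVERLAY = "10.10.0.0/255.255.0.0"
DEFAULT_BGP_AS = 65000

# Private-use AS number ranges from RFC 6996 (16-bit and 32-bit).
PRIVATE_AS_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private_as(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_AS_RANGES)


def check_plan(loopback, overlay, bgp_as, advertised):
    """Return a list of findings for a planned overlay template.

    advertised maps a site name to the static prefixes it will advertise.
    """
    findings = []
    pools = {
        "Loopback IP Address": ipaddress.ip_network(loopback),
        "Overlay Network": ipaddress.ip_network(overlay),
    }
    if pools["Loopback IP Address"].overlaps(pools["Overlay Network"]):
        findings.append("Loopback IP Address overlaps Overlay Network")
    for site, prefixes in sorted(advertised.items()):
        for prefix in prefixes:
            net = ipaddress.ip_network(prefix)
            for label, pool in pools.items():
                if net.overlaps(pool):
                    findings.append(f"{site}: {net} overlaps {label} {pool}")
    if not is_private_as(bgp_as):
        findings.append(f"BGP-AS Number {bgp_as} is outside the private-use ranges")
    return findings


# Constructed sample plan: site names and prefixes are illustrative only.
SAMPLE_ADVERTISED = {
    "hub1": ["192.168.10.0/24"],
    "branch-a": ["10.10.20.0/24"],  # sits inside the default overlay network
    "branch-b": ["172.20.5.0/24"],
}

if __name__ == "__main__":
    for line in check_plan(DEFAULT_LOOPBACK, DEFAULT_OVERLAY,
                           DEFAULT_BGP_AS, SAMPLE_ADVERTISED):
        print(line)
```

Run it against the address plan from the template prerequisites before starting the wizard; an empty result means the planned prefixes do not collide with the values entered under Advanced.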
