7.4.0

Branch policy package

To configure the branch policy package:
  1. Navigate to Policy & Objects > Policy Packages.

    Notice that Branch_Policy has already been created from the SD-WAN Overlay wizard.

  2. Select Branch_Policy > Firewall Policy.
    Notice how the policy package already contains a policy.

  3. Select Create New > Create New to create a new policy. The Create New Firewall Policy pane opens.

  4. Set the following options, and click OK:

    | Option | Value |
    | --- | --- |
    | Name | Branch to Datacenter |
    | Incoming Interface | LAN |
    | Outgoing Interface | HUB1, HUB2 (these are SD-WAN zones) |
    | Source | Branch network |
    | Destination | Datacenter Network |
    | Action | Accept |

  5. In the same Branches policy package, select Create New to define a second policy, Direct Internet Access:

    | Option | Value |
    | --- | --- |
    | Name | Direct Internet Access |
    | Incoming Interface | LAN |
    | Outgoing Interface | WAN1, WAN2 (these are SD-WAN zones) |
    | IPv4 Source Address | Branch network |
    | IPv4 Destination Address | all |
    | Action | Accept |
    | NAT | Enable |

  6. Assign the Branches policy package to the Branches device group.

    1. From Policy & Objects > Policy Packages > Branches, select Installation Targets.

    2. Verify that the Branches device group is populated under Installation Target.
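
After the package is installed, the two policies can be checked on a branch device against the values in steps 4 and 5. The following is an added example, not part of the original guide: it parses a `config firewall policy` block in FortiOS CLI syntax and reports drift such as a widened source address or missing NAT. It assumes the interface, zone and address object names on the device match the labels used in the tables, and the sample export is constructed.

```python
import shlex
# Expected values from the tables in steps 4 and 5; object names are assumed to match the labels.
EXPECTED = {
    "Branch to Datacenter": {"srcintf": ["LAN"], "dstintf": ["HUB1", "HUB2"],
        "srcaddr": ["Branch network"], "dstaddr": ["Datacenter Network"],
        "action": ["accept"]},
    "Direct Internet Access": {"srcintf": ["LAN"], "dstintf": ["WAN1", "WAN2"],
        "srcaddr": ["Branch network"], "dstaddr": ["all"],
        "action": ["accept"], "nat": ["enable"]},
}

# Constructed sample export with drift: first policy absent, source widened, NAT unset.
SAMPLE = '''
config firewall policy
    edit 2
        set name "Direct Internet Access"
        set srcintf "LAN"
        set dstintf "WAN1" "WAN2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
    next
end
'''

def parse_policies(text):
    """Return {policy name: {option: [values]}} from a 'config firewall policy' block."""
    policies, current = {}, None
    for tokens in map(shlex.split, text.splitlines()):
        if tokens[:1] == ["edit"]:
            current = {}
        elif tokens[:1] == ["set"] and current is not None and len(tokens) > 2:
            current[tokens[1]] = tokens[2:]
        elif tokens[:1] == ["next"] and current is not None:
            policies[current.get("name", ["(unnamed)"])[0]] = current
            current = None
    return policies

def audit(text):
    """List deviations from EXPECTED; an empty list means both policies match."""
    found, issues = parse_policies(text), []
    for name, want in EXPECTED.items():
        if name not in found:
            issues.append(f"{name}: policy missing")
            continue
        issues += [f"{name}: {opt} is {found[name].get(opt, [])}, expected {val}"
                   for opt, val in want.items()
                   if sorted(found[name].get(opt, [])) != sorted(val)]
    return issues
```

Calling `audit(SAMPLE)` returns three findings: the missing Branch to Datacenter policy, the source address set to `all`, and NAT not enabled on Direct Internet Access.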
