7.4.0

SD-WAN Overlay Template

This section describes how to use the SD-WAN overlay template to configure the overlay network.

Note

The SD-WAN overlay provisioning template supports metafields for each input box that displays a magnifying glass. For more information, see the FortiManager 7.4 Administration Guide.

To create an overlay template:
  1. In FortiManager, go to Device Manager > Provisioning Templates > SD-WAN Overlay.

    1. If you do not see the SD-WAN Overlay template, select Feature Visibility to enable it.

  2. Click Create New. The Create New SD-WAN Overlay Template wizard activates.

  3. Provide a name and description for the template.

    1. Set the Topology as Dual Hub (Primary & Secondary).

    2. Expand Advanced, and review the default IP address scheme for the loopback and overlay networks and the BGP AS number.

    3. Click Next to proceed to Role Assignment.

  4. Set the role assignment:

    1. Set Primary HUB to HUB1.

    2. Set Secondary HUB to HUB2.

    3. Set Device Group Assignment to Branches.

    4. Enable Automatic Branch ID Assignment. Devices added to the selected device group will be automatically assigned a unique value for the branch_id metadata variable.

      Note
      Assign branch ID metadata variables

      By default, the SD-WAN overlay wizard creates the branch_id metadata variable, which is used to assign a unique identifier to branch devices. New devices that are imported into the FortiManager branch device group are automatically assigned a branch ID when Automatic Branch ID Assignment is selected in the wizard. The branch ID is used in certain network configurations of the overlay network.

      No further configuration is necessary here since we enabled this feature in step 4d in the previous section.

      For more information on Metadata variables, please see the FortiManager Admin Guide.

    5. Click Next to proceed to Network Configuration.

  5. Set the network configuration for the primary HUB:

    1. WAN underlay 1: port1

    2. WAN underlay 2: port2

    3. Leave Network Advertisement on Connected and enter port3 for Interface.

  6. Set the network configuration for the Secondary HUB:

    1. WAN underlay 1: port1

    2. WAN underlay 2: port2

    3. Leave Network Advertisement on Connected and enter port3 for Interface.

    Note

    The port name is case sensitive and must exactly match the port name as written on the FortiGate.

    Select Private Link if the port is on a private circuit, and you do not want to create an overlay network utilizing this link.

    Select Override IP if you want to manually input an IP address that remote branches will connect to. This is commonly used with public cloud providers, where interfaces have private IP addresses, or in other NAT'd environments.

  7. Set the network configuration for the branches device group:

    1. WAN underlay 1: port1

    2. WAN underlay 2: port2

    3. Leave Network Advertisement on Connected and enter port3 for Interface.

    4. Click Next to proceed to the SD-WAN Template Options.

  8. Configure the SD-WAN Template Options:

    1. Enable Add Overlay Objects to SD-WAN Template.

      1. Use the dropdown to select the + icon to create a new template.

      2. Provide a name for the template and click OK.

      3. Select the newly created template.

    2. Enable Add Overlay Interfaces and Zones.

    3. Enable Add Health Check Servers for Each HUB as Performance SLA.

    4. Enable Normalize Interfaces.

      1. Enable Add Health Check Firewall Policy to HUB policy Package.

        1. Create a new policy using the + icon and name it HUB_Policy.

      2. Enable Add Health Check Firewall Policy to Branch Policy Package.

        1. Create a new policy using the + icon and name it Branch_Policy.

  9. Click Next to display the summary page.

  10. Review the summary to ensure accuracy. Select Finish to save the template.
