Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    Home FortiManager 7.4.0 New Features
    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.7
    6.2.3
    6.2.2
    6.2.1
    6.2.0

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB

    Note

    This information is also available in the FortiManager 7.4 Administration Guide:

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB.

    The SD-WAN overlay template includes two new options in the wizard to automate the post-wizard processes. The SD-WAN overlay template example configured in this document uses a dual-hub topology.

    1. Normalize Interfaces
      Enable the Normalize Interfaces option to normalize the SD-WAN zones created by the template.
      • The following normalized interface is created for the SD-WAN Hub(s):
        • HUB-Lo with Per-Device Mapping to HUB1-Lo for the HUB 1 device and HUB2-Lo from the HUB 2 device.
      • The following normalized interfaces are created for branch devices:
        • The HUB1 SD-WAN zone is mapped per-platform to HUB1.
        • The HUB2 SD-WAN zone is mapped per-platform to HUB2.
        • VPN IPsec tunnel templates are created for HUB interfaces when using the SD-WAN overlay template. When Normalized Interface is enabled, normalized interfaces for the VPNs are added to the normalized interface list.
    2. Add Health Check Firewall Policy to Hub/Branch Policy Package
      Enable the Add Health Check Firewall Policy to Hub/Branch Policy Package option to create health check firewall policies (or policy blocks) for HUB(s) and branches.
      • Users must select the HUB and branch policy package that will be used during the wizard configuration. You can select an existing policy package or create a new one.
      • Based on the selection, firewall policies (or policy blocks) are created to allow SLA health checks to each device loopback.
      • The SD-WAN overlay template creates the policy block and applies it to the top of the HUB Policy Package.
      • A policy block is not created for the SD-WAN branch Policy Package.
    Previous
    Next

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB

    Note

    This information is also available in the FortiManager 7.4 Administration Guide:

    Automated SD-WAN post overlay process creates policies to allow the health-checks traffic to flow between Branch and HUB.

    The SD-WAN overlay template includes two new options in the wizard to automate the post-wizard processes. The SD-WAN overlay template example configured in this document uses a dual-hub topology.

    1. Normalize Interfaces
      Enable the Normalize Interfaces option to normalize the SD-WAN zones created by the template.
      • The following normalized interface is created for the SD-WAN Hub(s):
        • HUB-Lo with Per-Device Mapping to HUB1-Lo for the HUB 1 device and HUB2-Lo from the HUB 2 device.
      • The following normalized interfaces are created for branch devices:
        • The HUB1 SD-WAN zone is mapped per-platform to HUB1.
        • The HUB2 SD-WAN zone is mapped per-platform to HUB2.
        • VPN IPsec tunnel templates are created for HUB interfaces when using the SD-WAN overlay template. When Normalized Interface is enabled, normalized interfaces for the VPNs are added to the normalized interface list.
    2. Add Health Check Firewall Policy to Hub/Branch Policy Package
      Enable the Add Health Check Firewall Policy to Hub/Branch Policy Package option to create health check firewall policies (or policy blocks) for HUB(s) and branches.
      • Users must select the HUB and branch policy package that will be used during the wizard configuration. You can select an existing policy package or create a new one.
      • Based on the selection, firewall policies (or policy blocks) are created to allow SLA health checks to each device loopback.
      • The SD-WAN overlay template creates the policy block and applies it to the top of the HUB Policy Package.
      • A policy block is not created for the SD-WAN branch Policy Package.
    Previous
    Next