Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 7.0.9 User Guide
    7.0.9
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Page actions

    Page actions

    The following actions are available in the Configuration tab:

    • Devices: Select devices in Central Management to create SD-WAN templates or Per Device to create Interface members, Performance SLA, and SD-WAN rules.

    • SD-WAN Templates/Interface Members/Performance SLA/SD-WAN Rules: select SD-WAN Templates, Interface Members, Performance SLA, or SD-WAN Rules depending on the option selected in Devices.

    • Add/Create: Click to create new SD-WAN Templates, SD-WAN Member, SD-WAN Zone, Performance SLA, and SD-WAN Rules.

      Per device SD-WAN members and zones can be created when Interface Members is selected.

    • Edit: Edit an SD-WAN template, interface member, performance SLA, and SD-WAN rule.

    • Delete: Delete an SD-WAN template, interface member, performance SLA, or SD-WAN rule.

    • Assign to Device: Assign an SD-WAN template to a device.

    • Move: Move an SD-WAN rule.

    • Search: Search for SD-WAN rules.

    • Sort: Sort data in ascending or descending order.

    A dropdown list at the bottom allows for selecting the number of entries to display per page.

    SD-WAN Templates

    Select SD-WAN Templates from the dropdown in the SD-WAN > Configuration tab to define an SD-WAN for an ADOM.

    To add an SD-WAN Template:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Central Management is selected.
    3. Select SD-WAN Templates in the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a name for the new template.

      Description

      Enter a description for the new template.

      Status

      Select enable to enable the SD-WAN status.

      Interface Members

      Define which physical FortiPortal interfaces belong to the SD-WAN. Interfaces belonging to the SD-WAN template.

      Performance SLA

      Define a new performance service level agreement (SLA). Define a performance SLA.

      SD-WAN Rule

      Define SD-WAN rules to control how sessions are distributed to physical interfaces in the SD-WAN. Define SD-WAN rules.

    6. Click Submit.
    Interfaces belonging to the SD-WAN template

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for the SD-WAN to function; up to 255 member interfaces can be configured.

    In the Interface Members pane in SD-WAN > Configuration > SD-WAN Template, the following actions are available:

    • Create: Define a new interface member or SD-WAN zone.

    • Edit: Edit an interface member or SD-WAN zone.

    • Delete: Delete an interface member or SD-WAN zone.

    To define which physical interfaces belong to the SD-WAN template:
    1. After step 4 in To add an SD-WAN Template:, in the Interface Members pane, select SD-WAN Member from the Create dropdown.
    2. In the Create New SD-WAN Interface Members dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Sequence Number

      Member sequence number. The range is 0-4294967295.

      Interface Member

      Enter a name for the interface member.

      SD-WAN Zone

      From the dropdown, select an SD-WAN zone.

      Gateway IP

      Enter the IPv4 address of the default gateway for this interface.

      Cost

      More traffic is directed to interfaces with higher costs. The cost field must be 0 or more.

      Status

      Toggle On or Off to enable or disable the SD-WAN status.

      Priority

      Assign interfaces a priority based on the priority assigned to the interface.

    3. Click Submit.
    To create a new SD-WAN zone:
    1. After step 4 in To add an SD-WAN Template:, in the Interface Members pane, select SD-WAN Zone from the Create dropdown.
    2. In the Create New SD-WAN Zone dialog:
      1. Enter a name for the SD-WAN zone.
      2. Add interface members from the Interface Members dropdown.
    3. Click Submit.
    Define a performance SLA

    Use the Performance SLA pane in SD-WAN > Configuration > SD-WAN Template to configure SLA management.

    In the Performance SLA pane, the following actions are available:

    • Create: Define a new performance SLA.

    • Edit: Edit an existing performance SLA.

    • Delete: Delete an existing performance SLA.

    To add a new performance SLA:
    1. After step 4 in To add an SD-WAN Template:, select Create in the Performance SLA pane.
    2. In the Create New Performance SLA dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a name for the performance SLA.

      IP Version

      From the dropdown, select either IPv4 or IPv6.

      Probe Mode

      Select Active, Passive, or Prefer Passive probe mode.

      Protocol

      Protocol used to determine if the FortiPortal unit can communicate with the server. Select HTTP, Ping, TCPECHO, TWAMP, or UDP ECHO.

      Health Check Server

      Select a health check server.

      Participants

      All SD-WAN Members or Specify the SD-WAN members.

      Enable Probe Packets

      Toggle On or Off sending probe packets.

      SLA

      Select Create, enter values in the relevant fields, and click Submit.

      Latency Threshold

      Latency for SLA to make decision in milliseconds. The default is 5; the range is 0 - 10000000.

      Jitter Threshold

      Jitter for SLA to make decision in milliseconds. The default is 5; the range is 0 -10000000.

      Packet Loss Threshold

      Packet loss for SLA to make decision in percentage. The default is 0; the range is 0 -100.

      Link Status

      Interval

      Status check interval, which is the time between attempting to connect to the server, in seconds (1 - 3600, default = 5).

      Failure Before Inactive

      Number of failures before server is considered lost (1 - 10, default = 5).

      Restore Link After

      Number of successful responses received before the server is considered recovered (1 - 10, default = 5).

      Action When Inactive

      Update Static Route

      Toggle On or Off updating the static route.

      Update Cascade Interface

      Toggle On or Off updating the cascade interface.

      sla-fail-log-period

      Enter the time interval SLA fail logs are generated in, in seconds.

      sla-pass-log-period

      Enter the time interval SLA pass logs are generated in, in seconds.

    3. Click Submit.
    Define SD-WAN rules

    Use the SD-WAN Rule pane in SD-WAN > Configuration > SD-WAN Template to configure SD-WAN rules or priority rules to control how sessions are distributed to physical interfaces in the SD-WAN.

    In the SD-WAN Rule pane, the following actions are available:

    • Create: Define an SD-WAN rule.

    • Edit: Edit an existing SD-WAN rule.

    • Delete: Delete an existing SD-WAN rule.

    • Move: Move an SD-WAN rule.

    To add a new SD-WAN rule:
    1. After step 4 in To add an SD-WAN Template:, select Create in the SD-WAN Rule pane.
    2. In the Create New SD-WAN Rules dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a priority rule name.

      IP Version

      From the dropdown, select either IPv4 or IPv6.

      Source

      Source Address

      Select the source addresses from the list.

      User(s)

      Select the users from the list.

      User Groups

      Select the user groups from the list.

      Destination

      Select Address to use destination addresses or select Internet Service to use destination Internet services.

      Address

      Available if Destination is set to Address. Select the destination addresses from the list.

      Route Tag

      Available if Destination is set to Address. Available when route tags are defined for BGP route-map.

      Protocol

      Available if Destination is set to Address. Select TCP, UDP, ANY, or Specify. If you select Specify, enter the protocol number, type of service, and bit mask.

      Type of Service Bit Mask

      Type of service evaluated bits. This value determines which bits in the IP header’s TOS field are significant.

      Type of Service

      Type of service bit pattern.

      Internet Service

      Available if Destination is set to Internet Service. Select the Internet services from the list.

      Internet Service Group

      Available if Destination is set to Internet Service. Select the Internet service groups from the list.

      Custom Internet Service

      Available if Destination is set to Internet Service. Select the custom Internet services from the list.

      Custom Internet Service Group

      Available if Destination is set to Internet Service. Select the custom Internet services group from the list.

      Application

      Available if Destination is set to Internet Service. Select the applications from the list.

      Application Group

      Available if Destination is set to Internet Service. Select the application groups from the list.

      Outgoing Interfaces

      Strategy

      Select Manual, Best Quality, Lowest Cost (SLA), or Maximize Bandwidth (SLA).

      Interface Preference

      Set interface preference order when multiple eligible links have the same cost.

    3. Click Submit.

    Per Device Interface Members

    To add a new interface member per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select Interface Members from the dropdown.
    4. In Add, select SD-WAN Member or SD-WAN Zone.
    5. Enter values in the relevant fields in To define which physical interfaces belong to the SD-WAN template:for SD-WAN Member and in To create a new SD-WAN zone:for SD-WAN Zone.
    6. Click Save.

    Per Device Performance SLA

    To add a new performance SLA per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select Performance SLA from the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields in To add a new performance SLA:.
    6. Click Save.

    Per Device SD-WAN Rules

    To add a new SD-WAN rule per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select SD-WAN Rules from the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields in To add a new SD-WAN rule:.
    6. Click Save.
    Previous
    Next

    Page actions

    Page actions

    The following actions are available in the Configuration tab:

    • Devices: Select devices in Central Management to create SD-WAN templates or Per Device to create Interface members, Performance SLA, and SD-WAN rules.

    • SD-WAN Templates/Interface Members/Performance SLA/SD-WAN Rules: select SD-WAN Templates, Interface Members, Performance SLA, or SD-WAN Rules depending on the option selected in Devices.

    • Add/Create: Click to create new SD-WAN Templates, SD-WAN Member, SD-WAN Zone, Performance SLA, and SD-WAN Rules.

      Per device SD-WAN members and zones can be created when Interface Members is selected.

    • Edit: Edit an SD-WAN template, interface member, performance SLA, and SD-WAN rule.

    • Delete: Delete an SD-WAN template, interface member, performance SLA, or SD-WAN rule.

    • Assign to Device: Assign an SD-WAN template to a device.

    • Move: Move an SD-WAN rule.

    • Search: Search for SD-WAN rules.

    • Sort: Sort data in ascending or descending order.

    A dropdown list at the bottom allows for selecting the number of entries to display per page.

    SD-WAN Templates

    Select SD-WAN Templates from the dropdown in the SD-WAN > Configuration tab to define an SD-WAN for an ADOM.

    To add an SD-WAN Template:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Central Management is selected.
    3. Select SD-WAN Templates in the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a name for the new template.

      Description

      Enter a description for the new template.

      Status

      Select enable to enable the SD-WAN status.

      Interface Members

      Define which physical FortiPortal interfaces belong to the SD-WAN. Interfaces belonging to the SD-WAN template.

      Performance SLA

      Define a new performance service level agreement (SLA). Define a performance SLA.

      SD-WAN Rule

      Define SD-WAN rules to control how sessions are distributed to physical interfaces in the SD-WAN. Define SD-WAN rules.

    6. Click Submit.
    Interfaces belonging to the SD-WAN template

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for the SD-WAN to function; up to 255 member interfaces can be configured.

    In the Interface Members pane in SD-WAN > Configuration > SD-WAN Template, the following actions are available:

    • Create: Define a new interface member or SD-WAN zone.

    • Edit: Edit an interface member or SD-WAN zone.

    • Delete: Delete an interface member or SD-WAN zone.

    To define which physical interfaces belong to the SD-WAN template:
    1. After step 4 in To add an SD-WAN Template:, in the Interface Members pane, select SD-WAN Member from the Create dropdown.
    2. In the Create New SD-WAN Interface Members dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Sequence Number

      Member sequence number. The range is 0-4294967295.

      Interface Member

      Enter a name for the interface member.

      SD-WAN Zone

      From the dropdown, select an SD-WAN zone.

      Gateway IP

      Enter the IPv4 address of the default gateway for this interface.

      Cost

      More traffic is directed to interfaces with higher costs. The cost field must be 0 or more.

      Status

      Toggle On or Off to enable or disable the SD-WAN status.

      Priority

      Assign interfaces a priority based on the priority assigned to the interface.

    3. Click Submit.
    To create a new SD-WAN zone:
    1. After step 4 in To add an SD-WAN Template:, in the Interface Members pane, select SD-WAN Zone from the Create dropdown.
    2. In the Create New SD-WAN Zone dialog:
      1. Enter a name for the SD-WAN zone.
      2. Add interface members from the Interface Members dropdown.
    3. Click Submit.
    Define a performance SLA

    Use the Performance SLA pane in SD-WAN > Configuration > SD-WAN Template to configure SLA management.

    In the Performance SLA pane, the following actions are available:

    • Create: Define a new performance SLA.

    • Edit: Edit an existing performance SLA.

    • Delete: Delete an existing performance SLA.

    To add a new performance SLA:
    1. After step 4 in To add an SD-WAN Template:, select Create in the Performance SLA pane.
    2. In the Create New Performance SLA dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a name for the performance SLA.

      IP Version

      From the dropdown, select either IPv4 or IPv6.

      Probe Mode

      Select Active, Passive, or Prefer Passive probe mode.

      Protocol

      Protocol used to determine if the FortiPortal unit can communicate with the server. Select HTTP, Ping, TCPECHO, TWAMP, or UDP ECHO.

      Health Check Server

      Select a health check server.

      Participants

      All SD-WAN Members or Specify the SD-WAN members.

      Enable Probe Packets

      Toggle On or Off sending probe packets.

      SLA

      Select Create, enter values in the relevant fields, and click Submit.

      Latency Threshold

      Latency for SLA to make decision in milliseconds. The default is 5; the range is 0 - 10000000.

      Jitter Threshold

      Jitter for SLA to make decision in milliseconds. The default is 5; the range is 0 -10000000.

      Packet Loss Threshold

      Packet loss for SLA to make decision in percentage. The default is 0; the range is 0 -100.

      Link Status

      Interval

      Status check interval, which is the time between attempting to connect to the server, in seconds (1 - 3600, default = 5).

      Failure Before Inactive

      Number of failures before server is considered lost (1 - 10, default = 5).

      Restore Link After

      Number of successful responses received before the server is considered recovered (1 - 10, default = 5).

      Action When Inactive

      Update Static Route

      Toggle On or Off updating the static route.

      Update Cascade Interface

      Toggle On or Off updating the cascade interface.

      sla-fail-log-period

      Enter the time interval SLA fail logs are generated in, in seconds.

      sla-pass-log-period

      Enter the time interval SLA pass logs are generated in, in seconds.

    3. Click Submit.
    Define SD-WAN rules

    Use the SD-WAN Rule pane in SD-WAN > Configuration > SD-WAN Template to configure SD-WAN rules or priority rules to control how sessions are distributed to physical interfaces in the SD-WAN.

    In the SD-WAN Rule pane, the following actions are available:

    • Create: Define an SD-WAN rule.

    • Edit: Edit an existing SD-WAN rule.

    • Delete: Delete an existing SD-WAN rule.

    • Move: Move an SD-WAN rule.

    To add a new SD-WAN rule:
    1. After step 4 in To add an SD-WAN Template:, select Create in the SD-WAN Rule pane.
    2. In the Create New SD-WAN Rules dialog, enter values in the relevant fields.

      Settings

      Guidelines

      Name

      Enter a priority rule name.

      IP Version

      From the dropdown, select either IPv4 or IPv6.

      Source

      Source Address

      Select the source addresses from the list.

      User(s)

      Select the users from the list.

      User Groups

      Select the user groups from the list.

      Destination

      Select Address to use destination addresses or select Internet Service to use destination Internet services.

      Address

      Available if Destination is set to Address. Select the destination addresses from the list.

      Route Tag

      Available if Destination is set to Address. Available when route tags are defined for BGP route-map.

      Protocol

      Available if Destination is set to Address. Select TCP, UDP, ANY, or Specify. If you select Specify, enter the protocol number, type of service, and bit mask.

      Type of Service Bit Mask

      Type of service evaluated bits. This value determines which bits in the IP header’s TOS field are significant.

      Type of Service

      Type of service bit pattern.

      Internet Service

      Available if Destination is set to Internet Service. Select the Internet services from the list.

      Internet Service Group

      Available if Destination is set to Internet Service. Select the Internet service groups from the list.

      Custom Internet Service

      Available if Destination is set to Internet Service. Select the custom Internet services from the list.

      Custom Internet Service Group

      Available if Destination is set to Internet Service. Select the custom Internet services group from the list.

      Application

      Available if Destination is set to Internet Service. Select the applications from the list.

      Application Group

      Available if Destination is set to Internet Service. Select the application groups from the list.

      Outgoing Interfaces

      Strategy

      Select Manual, Best Quality, Lowest Cost (SLA), or Maximize Bandwidth (SLA).

      Interface Preference

      Set interface preference order when multiple eligible links have the same cost.

    3. Click Submit.

    Per Device Interface Members

    To add a new interface member per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select Interface Members from the dropdown.
    4. In Add, select SD-WAN Member or SD-WAN Zone.
    5. Enter values in the relevant fields in To define which physical interfaces belong to the SD-WAN template:for SD-WAN Member and in To create a new SD-WAN zone:for SD-WAN Zone.
    6. Click Save.

    Per Device Performance SLA

    To add a new performance SLA per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select Performance SLA from the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields in To add a new performance SLA:.
    6. Click Save.

    Per Device SD-WAN Rules

    To add a new SD-WAN rule per device:
    1. Select Configuration in SD-WAN.
    2. Ensure that a device under Per Device is selected.
    3. Select SD-WAN Rules from the dropdown.
    4. Select Create.
    5. Enter values in the relevant fields in To add a new SD-WAN rule:.
    6. Click Save.
    Previous
    Next