Prerequisites
For the FortiGate SD-WAN secure private access (SPA) use case, SD-WAN network deployments are expected to conform to Fortinet’s best practices for SD-WAN architecture and deployment for the following topologies:
- SD-WAN with a single datacenter/hub
- SD-WAN with dual datacenters/hubs
- SD-WAN with up to four datacenters/hubs
For deployment details, see the 4-D FortiSASE SPA with a FortiGate SD-WAN Deployment Guide.
For the FortiGate next generation firewall (NGFW) SPA use case, you must first convert the NGFW to a standalone IPsec VPN hub. For deployment details, see the 4-D FortiGate NGFW to FortiSASE SPA Hub Conversion Deployment Guide (FortiOS 7.0.7+).
For the FortiGate NGFW SPA use case running FortiOS 7.2.4 and above, you can use the Fabric Overlay Orchestrator feature to convert the NGFW to a standalone IPsec VPN hub. For deployment details, see the 4-D FortiGate NGFW to FortiSASE SPA Hub Conversion using Fabric Overlay Orchestrator Deployment Guide (FortiOS 7.2.4+, 7.4.0+).