CLI Reference

config system fabric-vpn

Setup for self-orchestrated fabric Auto Discovery VPN (ADVPN).

config system fabric-vpn
    Description: Setup for self orchestrated fabric auto discovery VPN.
    config advertised-subnets
        Description: Local advertised subnets.
        edit <id>
            set prefix {ipv4-classnet}
            set access [inbound|bidirectional]
            set bgp-network {integer}
            set firewall-address {string}
            set policies {integer}
        next
    end
    set bgp-as {integer}
    set branch-name {string}
    set health-checks {string}
    set loopback-address-block {ipv4-classnet-host}
    set loopback-advertised-subnet {integer}
    set loopback-interface {string}
    config overlays
        Description: Local overlay interfaces table.
        edit <name>
            set overlay-tunnel-block {ipv4-classnet-host}
            set remote-gw {ipv4-address-any}
            set interface {string}
            set bgp-neighbor {string}
            set overlay-policy {integer}
            set bgp-network {integer}
            set route-policy {integer}
            set bgp-neighbor-group {string}
            set bgp-neighbor-range {integer}
            set ipsec-phase1 {string}
            set sdwan-member {integer}
        next
    end
    set policy-rule [health-check|manual|...]
    set psksecret {password-3}
    set sdwan-zone {string}
    set status [enable|disable]
    set sync-mode [enable|disable]
    set vpn-role [hub|spoke]
end

config system fabric-vpn

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| bgp-as | BGP Router AS number, valid from 1 to 4294967295. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| branch-name | Branch name. | string | Maximum length: 35 | |
| health-checks | Underlying health checks. | string | Maximum length: 35 | |
| loopback-address-block | IPv4 address and subnet mask for hub's loopback address, syntax: X.X.X.X/24. | ipv4-classnet-host | Not Specified | 0.0.0.0 0.0.0.0 |
| loopback-advertised-subnet | Loopback advertised subnet reference. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| loopback-interface | Loopback interface. | string | Maximum length: 15 | |
| policy-rule | Policy creation rule. Options: health-check (create health check policy automatically), manual (all policies will be created manually), auto (automatically create allow policies). | option | - | health-check |
| psksecret | Pre-shared secret for ADVPN. | password-3 | Not Specified | |
| sdwan-zone | Reference to created SD-WAN zone. | string | Maximum length: 35 | |
| status | Enable/disable Fabric VPN. Options: enable (enable Fabric VPN), disable (disable Fabric VPN). | option | - | disable |
| sync-mode | Setting synchronised by fabric or manual. Options: enable (enable fabric led configuration synchronisation), disable (disable fabric led configuration synchronisation). | option | - | enable |
| vpn-role | Fabric VPN role. Options: hub (VPN hub), spoke (VPN spoke). | option | - | hub |

config advertised-subnets

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| id | ID. | integer | Minimum value: 0 Maximum value: 4294967294 | 0 |
| prefix | Network prefix. | ipv4-classnet | Not Specified | 0.0.0.0 0.0.0.0 |
| access | Access policy direction. Options: inbound (allow inbound traffic to subnet), bidirectional (allow inbound and outbound traffic to subnet). | option | - | inbound |
| bgp-network | Underlying BGP network. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| firewall-address | Underlying firewall address. | string | Maximum length: 79 | |
| policies | Underlying policies. | integer | Minimum value: 0 Maximum value: 4294967295 | |

config overlays

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| name | Overlay name. | string | Maximum length: 79 | |
| overlay-tunnel-block | IPv4 address and subnet mask for the overlay tunnel, syntax: X.X.X.X/24. | ipv4-classnet-host | Not Specified | 0.0.0.0 0.0.0.0 |
| remote-gw | IP address of the hub gateway (set by hub). | ipv4-address-any | Not Specified | 0.0.0.0 |
| interface | Underlying interface name. | string | Maximum length: 15 | |
| bgp-neighbor | Underlying BGP neighbor entry. | string | Maximum length: 45 | |
| overlay-policy | The overlay policy to allow ADVPN through traffic. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| bgp-network | Underlying BGP network. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| route-policy | Underlying router policy. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| bgp-neighbor-group | Underlying BGP neighbor group entry. | string | Maximum length: 45 | |
| bgp-neighbor-range | Underlying BGP neighbor range entry. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| ipsec-phase1 | IPsec interface. | string | Maximum length: 35 | |
| sdwan-member | Reference to SD-WAN member entry. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
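An added example, not part of the vendor reference: a small Python audit that checks a `config system fabric-vpn` block against the lengths, the `bgp-as` range and the option values listed in the tables above, and surfaces `policy-rule auto` and `access bidirectional` for review. The `audit` function, the choice of settings to review and the sample configuration are assumptions constructed for illustration.

```python
# Limits and option values below are copied from the parameter tables on this page.
MAX_LEN = {"branch-name": 35, "health-checks": 35, "loopback-interface": 15,
           "sdwan-zone": 35, "firewall-address": 79, "interface": 15,
           "bgp-neighbor": 45, "bgp-neighbor-group": 45, "ipsec-phase1": 35}
OPTIONS = {"policy-rule": {"health-check", "manual", "auto"},
           "status": {"enable", "disable"}, "sync-mode": {"enable", "disable"},
           "vpn-role": {"hub", "spoke"}, "access": {"inbound", "bidirectional"}}
# Assumption: these documented values widen access, so they are surfaced for review.
REVIEW = {("policy-rule", "auto"): "allow policies are created automatically",
          ("access", "bidirectional"): "inbound and outbound traffic allowed"}

def audit(text):
    """Return (path, message) findings for a 'config system fabric-vpn' block."""
    findings, path = [], []
    for tok in filter(None, (line.split() for line in text.splitlines())):
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]).strip('"'))
        elif tok[0] in ("next", "end") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) >= 3:
            key, val = tok[1], " ".join(tok[2:]).strip('"')
            where = "/".join(path[1:] + [key])  # path relative to the outer block
            if key in OPTIONS and val not in OPTIONS[key]:
                findings.append((where, f"'{val}' is not a documented option"))
            if key in MAX_LEN and len(val) > MAX_LEN[key]:
                findings.append((where, f"length {len(val)} exceeds {MAX_LEN[key]}"))
            if key == "bgp-as" and not (val.isdigit() and 1 <= int(val) <= 4294967295):
                findings.append((where, f"'{val}' is outside the valid range 1-4294967295"))
            if (key, val) in REVIEW:
                findings.append((where, "review: " + REVIEW[(key, val)]))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
config system fabric-vpn
    set status enable
    set bgp-as 0
    set branch-name "branch-with-a-name-longer-than-thirty-five-chars"
    set policy-rule auto
    config advertised-subnets
        edit 1
            set access bidirectional
        next
    end
end
"""

if __name__ == "__main__":
    print(*(f"{where}: {msg}" for where, msg in audit(SAMPLE)), sep="\n")
```

The default `bgp-as` of 0 is reported because the description gives the valid range as 1 to 4294967295, so an unset AS number shows up in the audit.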
