Fortinet black logo

SD-WAN Overlay Migration from OCVPN to OaaS Deployment Guide

Home Overlay-as-a-Service 23.4.0 SD-WAN Overlay Migration from OCVPN to OaaS Deployment Guide
23.4.0
24.1.0
23.4.0
23.3.0

Deployment procedures

Deployment procedures

The FortiCloud Overlay-as-a-Service (OaaS) is used to configure SD-WAN for a topology that includes a single datacenter and multiple sites. The deployment instructions include the following topics:

Note

OaaS requires a license for each spoke, either as a FortiGate VM or a hardware FortiGate device.
Note

OaaS only supports FortiGate devices running FortiOS 7.2.8 and later or 7.4.1 and later.

Prerequisites

This guide presumes the following prerequisites have been met:

  • All FortiGate spokes sites (branches and datacenters) have an OaaS license.

  • All FortiGates in the SD-WAN region are running FortiOS 7.2.8 and later or 7.4.1 and later.

  • ISP links and other interfaces have been configured on all devices.

    • ISP routing is configured where branches have proper routes to reach the Hub.

    • LAN and other directly connected networks have been assigned.

  • The WAN and LAN interfaces for OaaS service are not used in any existing firewall policy.

  • The WAN and LAN ports are not in any existing network zone.

  • The WAN port is not bound to any SD-WAN zone.

Previous
Next

Deployment procedures

The FortiCloud Overlay-as-a-Service (OaaS) is used to configure SD-WAN for a topology that includes a single datacenter and multiple sites. The deployment instructions include the following topics:

Note

OaaS requires a license for each spoke, either as a FortiGate VM or a hardware FortiGate device.
Note

OaaS only supports FortiGate devices running FortiOS 7.2.8 and later or 7.4.1 and later.

Prerequisites

This guide presumes the following prerequisites have been met:

  • All FortiGate spokes sites (branches and datacenters) have an OaaS license.

  • All FortiGates in the SD-WAN region are running FortiOS 7.2.8 and later or 7.4.1 and later.

  • ISP links and other interfaces have been configured on all devices.

    • ISP routing is configured where branches have proper routes to reach the Hub.

    • LAN and other directly connected networks have been assigned.

  • The WAN and LAN interfaces for OaaS service are not used in any existing firewall policy.

  • The WAN and LAN ports are not in any existing network zone.

  • The WAN port is not bound to any SD-WAN zone.

Previous
Next