Fortinet black logo

Administration Guide

Home FortiGate / FortiOS 7.4.2 Administration Guide
7.4.2
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0

SD-WAN CLI configuration

SD-WAN CLI configuration

The following SD-WAN CLI configuration commands are used to configure ADVPN 2.0 on the spokes:

config system sdwan
    config zone
        edit <zone-name>
            set advpn-select {enable | disable}
            set advpn-health-check <health-check name>   
        next
    end
    config members
        edit <integer>
            set transport-group <integer> 
        next
    end
    config service
        edit <integer>
            set shortcut-priority {enable | disable | auto}   
        next
    end
end

set advpn-select {enable | disable}

Enable or disable SDWAN/ADVPN-2.0 (default=disabled).

set advpn-health-check <health-check name>

Specify the health check for the spoke whose info will be sent to the peer spoke.

set transport-group <integer>

Specify different group ID between (1 -255) to differentiate link-type, such as Internet, MPLS, LTE, Satellite.

set shortcut-priority {enable | disable | auto}

Enable or disable making ADVPN shortcut a high priority over overlay parent interfaces, if SLA mode or link cost factor mode conditions are met:

  • enable: enable a high priority of ADVPN shortcut for this service.

  • disable: disable a high priority of ADVPN shortcut for this service.

  • auto: automatically enable a high priority of ADVPN shortcut for this service if ADVPN2.0 is enabled.

diagnose sys sdwan advpn-session

Diagnostic command run on local spoke to view remote spoke WAN link information and path manager shortcut path selection.

As with the previous version of ADVPN, on the hub, you must enable ADVPN and configure firewall policies between spokes.

Note

Currently, ADVPN 2.0 only supports IPv4.
Previous
Next

SD-WAN CLI configuration

The following SD-WAN CLI configuration commands are used to configure ADVPN 2.0 on the spokes:

config system sdwan
    config zone
        edit <zone-name>
            set advpn-select {enable | disable}
            set advpn-health-check <health-check name>   
        next
    end
    config members
        edit <integer>
            set transport-group <integer> 
        next
    end
    config service
        edit <integer>
            set shortcut-priority {enable | disable | auto}   
        next
    end
end

set advpn-select {enable | disable}

Enable or disable SDWAN/ADVPN-2.0 (default=disabled).

set advpn-health-check <health-check name>

Specify the health check for the spoke whose info will be sent to the peer spoke.

set transport-group <integer>

Specify different group ID between (1 -255) to differentiate link-type, such as Internet, MPLS, LTE, Satellite.

set shortcut-priority {enable | disable | auto}

Enable or disable making ADVPN shortcut a high priority over overlay parent interfaces, if SLA mode or link cost factor mode conditions are met:

  • enable: enable a high priority of ADVPN shortcut for this service.

  • disable: disable a high priority of ADVPN shortcut for this service.

  • auto: automatically enable a high priority of ADVPN shortcut for this service if ADVPN2.0 is enabled.

diagnose sys sdwan advpn-session

Diagnostic command run on local spoke to view remote spoke WAN link information and path manager shortcut path selection.

As with the previous version of ADVPN, on the hub, you must enable ADVPN and configure firewall policies between spokes.

Note

Currently, ADVPN 2.0 only supports IPv4.
Previous
Next