Deploying Forti-SDWAN Using FortiManager

From Notes_Wiki
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Home > Enterprise security devices or applications > Fortigate firewall > Deploying Forti-SDWAN Using FortiManager

Overview

Forti-SDWAN allows multiple WAN interfaces to be used intelligently and dynamically, improving performance and reliability. FortiManager serves as the centralized management platform for FortiGate devices, making it ideal for deploying and managing SD-WAN configurations at scale.

Step 1: Add and Authorize FortiGate Devices in FortiManager

Objective: To bring FortiGate devices under centralized control via FortiManager.

NOTE: Ensure you have enabled the (FMG-Access, HTTPS and Security Fabric ) services on MGMT interface of Fortigate device

Below are the steps to add FortiGate Devices in FortiManager

  1. Login to FortiManager via web GUI.
  2. Navigate to Device Manager > Add Device > Click Discover Device.
  3. Provide the FortiGate IP address, admin credentials, and device name.
  4. Once added, authorize the device to allow configuration management.
  5. Choose the appropriate ADOM (Administrative Domain).
  6. FortiManager connects to the FortiGate and imports its configuration.
  7. After detection, select the device and click Authorize to allow configuration management.

NOTE: Authorization is mandatory before FortiManager can push policies/configurations to the FortiGate.

Step 2: Create or Use an Existing ADOM

Objective: To logically separate and manage devices based on policy, version, or location.

Steps:

  1. Go to System Settings > ADOMs.
  2. Click Create New (or use an existing ADOM if applicable).
  3. Set:
    1. Name: (e.g., “Branch-Offices”)
    2. FortiOS version: Ensure this matches the firmware version on your FortiGate devices.
    3. Mode: Use Policy & Objects for most cases.

NOTE: Each ADOM acts as an isolated environment, which helps in managing multiple customers or regions securely.

Step 3: Create SD-WAN Template

Objective: To define SD-WAN member interfaces and their characteristics.

Steps:

  1. Navigate to Policy & Objects > SD-WAN Templates > Create New.
  2. Name your template (e.g., “SDWAN-Template-Branch”).
  3. Add member interfaces:
  4. Select the WAN interfaces (e.g., wan1, wan2).
  5. Assign a cost, priority, or load-balancing weight.
  6. Set health checks for each interface to determine link performance:

NOTE: Health checks are vital for automatic failover and dynamic path selection.

Step 4: Configure SD-WAN Rules

Objective:To define how traffic is routed over WAN links based on application or source/destination.

Steps:

  1. Navigate to SD-WAN Rules > Create New.
  2. Define:
  3. Name of the rule (e.g., “Voice-Traffic”).
  4. Source/Destination: IPs or address groups.
  5. Application: Use application control signatures (e.g., VoIP, Office365).
  6. Preferred Interface: Define how traffic is routed:
  7. Best Quality: Chooses the link with best SLA performance.
  8. Manual: Specify fixed interface priority.
  9. Load Balancing: Distributes traffic across multiple links.

NOTE: Rules determine real-time traffic steering based on business intent and application criticality.

Step 5: Create and Apply a Policy Package

Objective: To push the complete configuration (SD-WAN + firewall policies) to FortiGate.

Steps:

  1. In the ADOM, go to Policy & Objects > Policy Packages.
  2. Create a new policy package or edit an existing one.
  3. Bind the SD-WAN Template to the policy package.
  4. Define firewall policies as needed (e.g., LAN-to-WAN).
  5. Make sure zones/interfaces in firewall policies match SD-WAN members.

Step 6: Install Configuration to FortiGate

Objective: To deploy the configuration to one or more FortiGate devices.

Steps:

  1. Go to Device Manager, select your FortiGate device.
  2. Click Install Wizard or Install > Install Policy & Objects.
  3. Select the policy package, SD-WAN template, and target device.
  4. Review the preview of changes (helps in validation).
  5. Click Install.

NOTE: Configuration is now live on FortiGate. FortiManager will monitor changes and sync status.

Step 7: Verify and Monitor

From FortiManager:

  1. Navigate to Monitor > SD-WAN Monitor.
  2. View:
  3. Real-time SLA performance
  4. Link usage
  5. Active path for each application


NOTE: Continuous monitoring ensures SLA compliance and alerts you to degraded link conditions.

Conclusion

Deploying Forti-SDWAN using FortiManager streamlines operations, improves performance, and enables centralized control over distributed networks. By following this step-by-step approach, you ensure a consistent, scalable, and optimized SD-WAN deployment.

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Deploying_Forti-SDWAN_Using_FortiManager&oldid=9376"