FortiGate SD-WAN Deployment using the FortiManager for HUB and Spoke ADVPN Setup

Today I’m refreshing the deployment steps for a Hub and Spoke ADVPN setup in a FortiGate SD-WAN deployment.

Let’s Start….

I. Creating a device group
It is a best practice to use a Device Group as the installation target instead of the firewall itself. The reason is that if you ever need to remove a FortiGate from FortiManager, the Installation Target reference in the policy package (the group) is not removed along with the device.

Note: In newer FortiManager versions, nested groups are already supported. In my case, under 6.2.x, they are not.

II. System Template (Provisioning Template > System template)

III. SDWAN Template (Provisioning Template > SDWAN template)

I encountered the error message “No device in current ADOM.”

Even though the Administrative Domain is enabled, you also need to ensure that SD-WAN is enabled under central management.

Create the following SD-WAN interface members:

  • OL_MPLS_[Port#]
  • OL_INET_[Port#]

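The FortiOS configuration that the SD-WAN template generates for a spoke, shown here as an added example rather than output from the post or from FortiManager: two overlay members following the post’s naming scheme plus a health check that steers traffic between them. It assumes FortiOS 6.2, where SD-WAN lives under `system virtual-wan-link` (6.4 and later use `config system sdwan`), that `OL_INET_1` and `OL_MPLS_1` already exist as IPsec tunnel interfaces, and that `10.255.255.1` is a constructed placeholder for a hub-side address reachable over both overlays.

```fortios
# Added example (not from the original post): SD-WAN members and a health
# check for a branch FortiGate on FortiOS 6.2. Interface names follow the
# post's OL_INET_[Port#] / OL_MPLS_[Port#] convention; the health-check
# target 10.255.255.1 is a constructed placeholder (e.g. a hub loopback).
config system virtual-wan-link
    set status enable
    config members
        edit 1
            set interface "OL_INET_1"
            set cost 0
        next
        edit 2
            set interface "OL_MPLS_1"
            set cost 10
        next
    end
    config health-check
        edit "HC_HUB"
            set server "10.255.255.1"
            set protocol ping
            set interval 500
            set members 1 2
        next
    end
end
```

Keeping the health-check target on the hub rather than on the public Internet means a member is only considered healthy when the tunnel itself is up, which is the condition you actually care about for ADVPN overlays.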

Create a new Policy Package for the SD-WAN branch devices.

You need to define the LAN interface.
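What the branch policy package boils down to on the device, as an added example that is not from the post: one policy from the LAN interface to the SD-WAN interface. It assumes `LAN` is a normalized interface mapped per device in FortiManager, that the SD-WAN interface is named `virtual-wan-link` as on FortiOS 6.2, and that the address and service names are the FortiOS defaults.

```fortios
# Added example (not from the original post): the LAN-to-SD-WAN policy
# that the "SDWAN-BRANCH" package installs. "LAN" is assumed to be a
# normalized interface mapped to the real LAN port on each spoke; on
# FortiOS 6.2 the SD-WAN interface is referenced as "virtual-wan-link".
config firewall policy
    edit 1
        set name "LAN-to-SDWAN"
        set srcintf "LAN"
        set dstintf "virtual-wan-link"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Without the LAN mapping, FortiManager cannot resolve `LAN` on the target device, so the install fails at the interface-mapping step rather than on the policy itself.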

Let’s push and install the policy package that we created for the branch sites. Go to the “SDWAN-BRANCH” policy package, then go to Target Installation.


Select the branch / spoke devices. As you can see, the config status is “Modified”; this is because all of the settings are applied to the FortiManager device database, not to the actual device, until you push.

In the newer 7.x versions a static route template has been introduced, and I think it is not available in version 6.2. So if we want to configure a default route on our FortiGate devices using a template, we can use Scripts > CLI Template.
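A CLI Template body for the default route, added here as an example and not taken from the post: it pushes the same route to every spoke while keeping the per-site values out of the script. It assumes FortiManager meta fields named `wan_gw` and `wan_port` (hypothetical names) are defined and populated per device, and that the template uses the `$(name)` variable syntax that FortiManager substitutes at install time.

```fortios
# Added example (not from the original post): FortiManager CLI Template
# body that installs a default route on each spoke. $(wan_gw) and
# $(wan_port) are assumed per-device meta fields; their names are
# hypothetical and the values come from each device's metadata, not
# from this script.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway $(wan_gw)
        set device $(wan_port)
        set comment "Default route pushed by FortiManager CLI Template"
    next
end
```

Assign the CLI Template to the same device group used as the installation target, so a newly added spoke picks up both the policy package and the route on its first install.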
