SD-WAN Overlay Templates and Deployment

Introduction

Objective: Deploy a large corporate SD-WAN network in a few minutes.
Scenario: Set up SD-WAN across corporate office, private workloads, remote branches.
- Remote branches need to access a data center and communicate with each other.
- Hubs located in two geo-redundant data centers for redundancy.
- All locations to have dual ISP links for full mesh overlay network.

Login to FortiManager
- Create SD-WAN overlay with two hubs and two branches.
- Ensure all branches in a region are in the same device group.
- Basic configuration: IP addresses assigned to interfaces.
Provisioning Templates in Device Manager
- Navigate to SD-WAN Overlay tab.
- Use 4-step wizard to create SD-WAN overlay for North America region.

Define Topology
- Choose dual hub (primary & secondary) for active-passive setup.
- Enable on-demand branch-to-branch tunnels for full mesh communication.
- Enable auto-discovery VPN.
Select Primary and Secondary Hubs
- Use drop-down menu to select primary and secondary hubs.
- Choose device group for branches.
- Enable auto ID assignment for branch FortiGates.
Define Ports for Hubs and Branches
- Enter port information for WAN underlays (e.g., Port 1, Port 2 for Hub 1).
- Specify port for advertisement to the network (e.g., Port 3 for Hub 1).
- Repeat for Hub 2 and branches.
Overlay Building Process
- Associate region with existing SD-WAN template and policies.
- Review changes and click finish.

Template Groups: Automatically generated BGP and IPsec templates for overlay.
Installation: Install template groups and policies to FortiGates in FortiManager.
- Install configuration for new interfaces first.
- Install Hub policies next.
- Install Branch device settings and policy packages.
Monitoring: Navigate to monitor section to see the SD-WAN overlay status.
- Access key information like routing tables from FortiGate view.