Secure SD-WAN


NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

  • 1.  NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

     
    Posted Mar 24, 2020 10:37 AM
    Edited by Marcus Boxheimer Mar 24, 2020 10:39 AM

    Dear Fortinet Community

    I am looking for more support of my New Feature Request within the FortiOS 6.4 Beta - NFR: Multiple SD-Interface in one VDOM instead one SD-WAN.

    It would be good to have the possibility to have multiple SD-WAN interfaces in one VDOM. Maybe the right name would be SD-Zone.

    So, you can have one SD-WAN for the Internet traffic and one or multiple VPNs combined in an SD-VPN. In the end everything is the same: it's Software Defined Routing and Traffic Management.

    The concept today is mixing WAN and VPN in one SD-WAN with the result of losing the clear structure. Without a clean structure you lose the overview and you get worse security.



    Please register yourself for the Beta Program and support this request.
    This will streamline the SD-WAN and bring back the clear view between WAN and VPN.

    To join the Beta Program you need a free Fortinet Developer Account
    https://fndn.fortinet.net/index.php?/register/

    "All new accounts require two Fortinet Sponsors. Sponsors are Fortinet employees that can confirm your identity and validate your need for an FNDN account. Please enter emails of your Sponsors in the fields below."

    After the registration, confirmation and joining the Beta Program, please read and vote for my request.
    Beta => Beta Releases => Forums

    https://fndn.fortinet.net/index.php?/fortinetbeta/topic/253-nfr-multiple-sd-interface-in-one-vdom-instead-one-sd-wan/

    Thank you very much!



    ------------------------------
    Marcus Boxheimer – NSE 4 - 8
    SIDARION AG - Expert, Integrator, Data Center
    ------------------------------


  • 2.  RE: NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

    Posted 10 days ago
    To have multiple SD-WAN interfaces per appliance, do I need to create VDOMs, and in every VDOM I can have 1 SD-WAN? Is that right?


  • 3.  RE: NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

    Posted 10 days ago
    Yes, SD-WAN interface per VDOM.
    If you have 5 VDOMs in a single appliance, then you can create 5 SD-WAN interfaces.

    The NFR (New Feature Request) requested by Marcus is for multiple SD-WAN interfaces in each VDOM for multi-purpose activity.


    ------------------------------
    Faridul
    ------------------------------



  • 4.  RE: NFR Beta FOS 6.4 - SD-WAN – Feature Enhancement - Multiple SD-Interface in one VDOM instead one SD-WAN

     
    Posted 2 days ago
    Edited by Marcus Boxheimer 2 days ago
    Constant dropping wears the stone. - the feature request was implemented in 6.4.1 - thanks Fortinet - Happy !!

    SD-WAN zones

    In FortiOS 6.4.1, SD-WAN member interfaces are grouped into SD-WAN zones. These zones can be used in firewall policies. Individual SD-WAN members can no longer be used directly in policies.

    In the CLI:

    • config system virtual-wan-link has been replaced with config system sdwan.
    • virtual-wan-link option in static route has been renamed sdwan.
    • diagnose system virtual-wan-link has been replaced with diagnose system sdwan.

    config system sdwan
        config zone  # <== new
            edit "virtual-wan-link"  # <== default zone
            next
            edit "overlay"
            next
        end
        config members
            edit 1
                set interface "port1"  # <== in default zone
            next
            edit 2
                set interface "MPLS-VPN"
                set zone "overlay"  # <== new
            next
        end
    end


    Previously, SD-WAN members could be used directly by policies. Upon upgrading to 6.4.1, an SD-WAN zone upg-zone-<interface-name> will be created for each member that is defined directly in a policy.

    Source: https://docs.fortinet.com/document/fortigate/6.4.1/fortios-release-notes/251225/sd-wan-zones
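
Added example (not part of the thread or of Fortinet's release notes): a pre-upgrade audit that reads a configuration backup and lists which firewall policies reference SD-WAN members directly, and therefore which `upg-zone-<interface-name>` zones to expect and review after moving to 6.4.1. The sample configuration is constructed, and the function name `predicted_upgrade_zones` is hypothetical; it assumes the pre-6.4.1 `config system virtual-wan-link` layout and the standard `srcintf`/`dstintf` policy settings.

```python
import re

# Constructed pre-6.4.1 config excerpt (sample input, not from the page).
SAMPLE_CONFIG = '''\
config system virtual-wan-link
    config members
        edit 1
            set interface "port1"
        next
        edit 2
            set interface "MPLS-VPN"
        next
    end
end
config firewall policy
    edit 10
        set srcintf "lan"
        set dstintf "virtual-wan-link"
    next
    edit 11
        set srcintf "lan"
        set dstintf "MPLS-VPN"
    next
    edit 12
        set srcintf "port1" "lan"
        set dstintf "MPLS-VPN"
    next
end
'''

def predicted_upgrade_zones(config):
    """Map policy id -> upg-zone-<interface-name> zones expected after upgrading."""
    members, used, stack, policy = set(), {}, [], None
    for line in map(str.strip, config.splitlines()):
        names = re.findall(r'"([^"]+)"', line)
        if line.startswith("config "):
            stack.append(line[7:])          # track nesting of config sections
        elif line == "end" and stack:
            stack.pop()
        elif stack == ["system virtual-wan-link", "members"] and line.startswith("set interface "):
            members.update(names)
        elif stack == ["firewall policy"] and line.startswith("edit "):
            policy = int(line.split()[1])
        elif stack == ["firewall policy"] and line.startswith(("set srcintf ", "set dstintf ")):
            used.setdefault(policy, set()).update(names)
    # Only interfaces that are SD-WAN members get an upg-zone-* on upgrade.
    return {p: sorted("upg-zone-" + n for n in ifs & members)
            for p, ifs in used.items() if ifs & members}
```

Policies in the result are the ones whose interface references change on upgrade, so they are the ones to re-check against the intended WAN/VPN separation afterwards.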