Home - fortinet-solutions-cse/sdwan-advpn-reference GitHub Wiki
In this Wiki we document currently supported options and features.
It is a good idea to start reading from the first page.
Alternatively, use the navigation pane at the right or click on the individual features in the list below to get more details.
You can track the latest additions and fixes here.
Supported Features
Scope of configuration
- Native support of heterogeneous deployments (sites with different connectivity)
- Underlay interfaces and general device settings
- Overlay tunnels (within and between regions)
- Overlay routing (within and between regions)
- [Optional] SD-WAN configuration (recommended only when using without FortiManager)
- [Optional] Firewall Policies (recommended only when using without FortiManager)
Underlay options
- DHCP and static IP
- VLAN tagging
- PPPoE support (7.4+)
- Bridging (built-in hardware switches, incl. virtual-switch-vlan support)
- LAG support
- FEX support
- FortiLink (SD-Branch) support
- DHCP Server for LAN clients
- DHCP Relay for LAN clients
- Underlay Loopback (dedicated source IP for all local-out traffic, e.g. routable public IP or provider-independent IP)
- QoS: ingress/egress shaping profile
Supported overlay network designs
- Dynamic BGP on Loopback (unified), 7.4+
  - RR-based and RR-less ADVPN support
  - ADVPN 2.0 support
  - Multi-VRF support ("Segmentation over Single Overlay"), including Internet access
  - Mixed RR-based/RR-less deployment support
- BGP on Loopback (up to 7.2)
- Multi-VRF BGP on Loopback (up to 7.2)
- BGP per Overlay (up to 7.2)
Overlay topology options
- Single-regional and multi-regional
- ADVPN within and between regions, including Spoke-to-Spoke and Spoke-to-Hub shortcuts
- Hub-to-Hub tunnels within and between regions
- Spoke-to-Hub connectivity options: One-to-One, Many-to-One and Full-Mesh
- IPSEC authentication: certificate-based and PSK
- Redundant IPSEC tunnels ("monitor" feature)
- Overlay stickiness (legacy)
Other features
- Automatic System Zone creation for FW policies
- Non-Root VDOM support (7.4+)
- CRL support on Hubs (7.4+)