08 Reserved Indexes and Names - fortinet-solutions-cse/sdwan-advpn-reference GitHub Wiki

Overview

Since the Jinja Orchestrator does not claim to cover the entire FortiGate configuration, it must coexist "peacefully" with any other configuration that may exist on the device. This includes any configuration generated by FortiManager or by any other external means.

This is especially relevant for table entries such as static routes, BGP networks and so on. Normally, the Jinja Orchestrator uses a dedicated numbering range when creating such entries, in an attempt to "isolate" itself from the rest of the configuration.

On this page we document all the elements created by the Jinja Orchestrator and the numbering conventions used by it, so that you can avoid overwriting them with objects created by other means.

Indexes

DHCP Server

Entries starting from 10:

config system dhcp server
   edit {{ 10 + loop.index0 }}
   # ...
   next
end

Static Routes

Entries starting from 100 (and above 4000 for inter-VRF links):

config router static
   edit 100 
   # default route (offline)
   next
   edit 101 
   # lan_summary blackhole (Hubs)
   next
   edit 102 
   # lo_summary blackhole (Hubs)
   next
   edit 103 
   # regional lo_summary (Hubs)
   next
   edit {{ 4000 + i.vrf }}
   # vrf_link defaults
   next
end

BGP Networks

Entries above 100 (LAN prefixes starting from 110):

config router bgp
   config network
      edit 102
      # lo_summary (Hubs)
      next
      edit 103
      # regional lo_summary (Hubs)
      next
      edit {{ 110 + loop.index }} 
      # LAN prefixes to advertise
      next
   end
end

BGP Aggregates

Entries above 110:

config router bgp
   config aggregate-address
      edit {{ 110 + loop.index }}
      # LAN summary
      next
   end
end

BGP Neighbor Ranges

Entries above 100, for example:

config router bgp
  config neighbor-range
    edit 101
      # lo_summary for neighbor-group "DYN_EDGE"
    next
  end  
end

VLANs

IDs starting from 4000 for NPU links: {{ 4000 + i.vrf }}
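
A collision check for the index ranges above, as an added example (not part of the Jinja Orchestrator or of this wiki): it scans a rendered FortiOS configuration from another source for numeric edit IDs that land in a reserved range. The names RESERVED_FLOOR, find_collisions and SAMPLE are hypothetical, the sample configuration is constructed, every ID at or above a range's first value is assumed to be reserved, and VLAN IDs are not covered.

```python
import re

# First reserved ID per table (from this page); assumed reserved from there up.
RESERVED_FLOOR = {
    ("system dhcp server",): 10,
    ("router static",): 100,
    ("router bgp", "network"): 101,
    ("router bgp", "aggregate-address"): 111,
    ("router bgp", "neighbor-range"): 101,
}

def find_collisions(config_text):
    """Return (table, id) for numeric 'edit' IDs inside a reserved range."""
    stack, hits = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[7:].strip())  # enter a (possibly nested) table
        elif line == "end":
            stack = stack[:-1]              # leave the current table
        else:
            m = re.fullmatch(r"edit\s+(\d+)", line)
            floor = RESERVED_FLOOR.get(tuple(stack))
            if m and floor is not None and int(m.group(1)) >= floor:
                hits.append((" / ".join(stack), int(m.group(1))))
    return hits

# Constructed sample: configuration from another source, checked before push.
SAMPLE = """
config system dhcp server
    edit 1
        config ip-range
            edit 12
            next
        end
    next
    edit 11
    next
end
config router bgp
    config network
        edit 100
        next
        edit 115
        next
    end
end
"""
print(find_collisions(SAMPLE))
```

The nested ip-range entry 12 is not reported because it belongs to a sub-table rather than to the DHCP server table itself.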

Values

  • BGP Communities:

    • SLA_OK = {{ community_as }}:99
  • Tags (set-tag):

    • 100 = LAN tag (for Dynamic BGP)

Names

Interfaces

  • Underlay Loopback: Lo-wan{{loop.index}}

  • Main (overlay) Loopback: Lo

  • Health-Check Loopback (on Hubs): Lo-HC

Routing Objects

  • AS_PATH lists:

    • SDWAN_AS
  • Access Lists:

    • LAN_REGIONAL_SUMMARY
    • LO_REGIONAL_SUMMARY
  • Route-maps:

    • H{{loop.index}}_TAG
    • SLA_OK
    • LOCAL_REGION
    • LAN_TAG
    • REGION_OUT
    • EDGE_OUT
    • LAN_OUT
    • LOCAL_HUB2HUB_OUT

Other Objects

  • CRL profile (config vpn certificate crl): TheCA