Hot!FG-40F with SD-WAN

Author
ZhekA
New Member
  • Total Posts : 3
  • Scores: 0
  • Reward points: 0
  • Joined: 2021/05/18 00:05:01
  • Status: offline
2021/05/18 00:11:54 (permalink)
0

FG-40F with SD-WAN

Hello guys,
I wish someone will assist me or prove me right or disprove me.
Purchased few FG-40F units after an aggressive sales campaign that these new units are perfect solution for a small office and SD-WAN.
I see there's only one WAN port on the unit and unfortunately I can't add it to the virtual-wan-link.
It looks the firewall can only add lan2 and lan3 ports to SD-WAN. What's the point of having WAN port on the unit ?
With only 4 ports and one of them dedicated to the Fortiswitch link I'm limited. 
#1

3 Replies Related Threads

    Markus
    Expert Member
    • Total Posts : 314
    • Scores: 65
    • Reward points: 0
    • Joined: 2015/03/19 07:30:23
    • Location: Switzerland
    • Status: offline
    Re: FG-40F with SD-WAN 2021/05/18 04:13:02 (permalink)
    0
    Hi and welcome to the Forums.

    Seems you have a reference on the wan interface, maybe the default policy lan->wan. Try to delete this policy and all other references (e.g. ssl vpn) the you where able to put the wan port to the sd-wan interface.
    #2
    ZhekA
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2021/05/18 00:05:01
    • Status: offline
    Re: FG-40F with SD-WAN 2021/05/18 20:58:44 (permalink)
    0
    Thank you, Marcus!
    That was it. I normally check policies for interface utilization but this time I totally neglected.
     
    #3
    sw2090
    Expert Member
    • Total Posts : 969
    • Scores: 82
    • Reward points: 0
    • Joined: 2017/06/14 01:27:25
    • Location: Regensburg
    • Status: offline
    Re: FG-40F with SD-WAN 2021/05/19 02:20:57 (permalink)
    0
    It is FGT factory default that there is one switch that has port 1-n and has an internet policy via the WAN port(s).
    Basically you can add any interface to sd-wan as long as it doesn't have reference(s). That is because if you add an interface to sd-wan it does no longer exist as an own interface for use in policies etc because you want to use sd-wan instead then.
     

    -- 
    "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
    #4
    Jump to:
    © 2021 APG vNext Commercial Version 5.5