Fortinet SD-WAN Lab Guide for FortiOS 7.2

Network Topology
Lab 1: Basic DIA Setup
Exercise 1: Configuring a Basic DIA Setup
Configure a Zone and Members for DIA
Configure a Performance SLA
Configure Rules
Configure a Static Route and Firewall Policy
Exercise 2: Monitoring DIA Traffic
Generate Internet Traffic From branch1_client
Monitor DIA Traffic Distribution
Bring Down port1
Monitor SD-WAN Events and Traffic Logs
Bring Up port1
Lab 2: Centralized Management
Exercise 1: Configuring SD-WAN on FortiManager
Add branch1_fgt and branch2_fgt to FortiManager
Import SD-WAN Settings Into the SD-WAN Template
Configure the SD-WAN Template
Configure the Device Settings and Policy Package
Install the Device Settings and Policy Package
Verify Installed Settings and Logging
Exercise 2: Monitoring DIA Traffic on FortiManager
Generate Internet Traffic From branch1_client and branch2_client
Monitor DIA Traffic Distribution
View Traffic Logs
Exercise 3: Configuring an IPsec VPN Using the FortiManager IPsec Recommended Templates
Add dc1_fgt to FortiManager
Configure Mappings for dc1_fgt
Create VPN IPsec Hub and Spoke Configurations With Recommended Templates
Create a CLI Template for Advanced IPsec Parameters
Install the VPN Configuration
Map the VPN Interfaces
Configure the Firewall Policies
Configure a Static Route on the Branches
Configure FortiAnalyzer Logging on dc1_fgt
Install the Configuration on Devices
Exercise 4: Verifying the IPsec VPN
Verify That the Tunnels Are Up
Verify Connectivity Across the VPN
Exercise 5: Configuring the Overlay With the SD-WAN Overlay Template
Configure the Overlay With the SD-WAN Overlay Template
Review and Install the Overlay the SD-WAN Overlay Template Created
Lab 3: Members, Zones, and Performance SLAs
Exercise 1: Configuring SD-WAN Zones and Members
Review the VPN Tunnels and Their Status
Configure an SD-WAN Zone
Configure VPN Tunnels as SD-WAN Members
Configure an SD-WAN Rule for the Overlays
Verify the Overlays as SD-WAN Members
Exercise 2: Using Ping to Actively Monitor the Overlays
Configure an Active Performance SLA (Ping)
Verify the Health of the Overlays
Exercise 3: Testing an Active Performance SLA
Monitor a Performance SLA on the FortiGate CLI
Test the Performance SLA
Exercise 4: Using HTTP to Actively Monitor the Overlays
Configure an Active Performance SLA (HTTP)
Verify the Health of the Overlays
Lab 4: Routing and Sessions
Exercise 1: Troubleshooting Spoke-to-Spoke Traffic (Single Hub)
Configuration
Problem Description
Objective
Solution Requirements
Tips for Troubleshooting
Solution
Exercise 2: Troubleshooting DIA Traffic
Configuration
Problem Description
Objective
Solution Requirements
Tips for Troubleshooting
Solution
Lab 5: Rules
Exercise 1: Configuring and Testing Rule Strategies
Configure and Test a Best Quality Rule
Configure and Test a Lowest Cost (SLA) Rule
Configure and Test a Maximize Bandwidth (SLA) Rule
Exercise 2: Troubleshooting Rules
Configuration
Problem Description
Objective
Solution Requirements
Tips for Troubleshooting
Solution
Lab 6: SD-WAN Overlay Design and Best Practices
Exercise 1: Configuring Overlays and BGP
Configure Overlay Addresses and Basic BGP
Fine-Tune IPsec and BGP
Exercise 2: Configuring FEC and Packet Duplication
Configure FEC
Configure Packet Duplication
Exercise 3: Configuring ADVPN
Configure Basic ADVPN
Configure an Idle Timeout for ADVPN
Lab 7: SD-WAN Monitoring With FortiAnalyzer
Exercise 1: Monitoring SD-WAN With FortiAnalyzer
Confirm Log Forwarding on the FortiGate Devices
Analyze Traffic Logs
Analyze Event Logs
Discover the Secure SD-WAN Monitor Page
Discover the SD-WAN Summary Page