WAN Interface not showing when creating a Fortinet SD-WAN Interface

When adding an Internet connection to a Fortinet firewall that is already in production, it’s possible that the new WAN interface does not show up in the list of available interfaces to add to the virtual SD-WAN interface.

First, check that there are no references (Firewall policies or other) to the WAN interface. Existing references will prevent the WAN interface from showing up in the list of interfaces to add.
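One way to run this reference check offline against a configuration backup, as an added example that is not part of the original post. The configuration excerpt is constructed and find_interface_references is a hypothetical helper name; it reports every set line that names the interface exactly, apart from the interface's own definition.

```python
import re

# Constructed FortiOS configuration excerpt (not taken from a real device).
SAMPLE_CONFIG = '''\
config system interface
    edit "wan2"
        set vdom "root"
        set mode dhcp
    next
end
config firewall policy
    edit 7
        set name "lan-to-wan2"
        set srcintf "internal"
        set dstintf "wan2"
        set action accept
    next
end
config router static
    edit 3
        set gateway 198.51.100.1
        set device "wan2"
    next
end
'''


def find_interface_references(config_text, interface):
    """Return (section, entry, setting) for each 'set' line whose value is the interface."""
    refs, stack = [], []  # stack tracks the current config/edit nesting
    for raw in config_text.splitlines():
        # Split into tokens, keeping quoted values whole and dropping the quotes.
        tokens = [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', raw)]
        if not tokens:
            continue
        keyword = tokens[0]
        if keyword in ("config", "edit"):
            stack.append((keyword, " ".join(tokens[1:])))
        elif keyword in ("next", "end") and stack:
            stack.pop()
        elif keyword == "set" and interface in tokens[2:]:
            section = " / ".join(n for k, n in stack if k == "config")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            # The interface's own definition block is not a reference to it.
            if (section, entry) != ("system interface", interface):
                refs.append((section, entry, tokens[1]))
    return refs


if __name__ == "__main__":
    for ref in find_interface_references(SAMPLE_CONFIG, "wan2"):
        print(ref)
```

Each tuple names the configuration section, the entry ID and the setting that still points at the interface, which is what has to be removed or changed before the interface can become an SD-WAN member.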

If removing all references to the new WAN interface doesn’t help, using the CLI/SSH might.

Side note – When working on a firewall remotely, it’s always a good idea to delay the saving of the configuration to prevent locking yourself out inadvertently.

config system global
set cfg-save revert
set cfg-revert-timeout 600
end

The default cfg-revert-timeout is 600 seconds of the admin session being idle. If you lose the connection to the firewall, it will revert all changes after 600 seconds of idle time.

When you’re done with the configuration, save it permanently with this command: execute cfg save

Then set the firewall to save the configuration automatically again:

config system global
set cfg-save automatic
end

End side note

On a firewall where WAN1 is already an SD-WAN member and you want to add WAN2 as well, use these commands in the CLI/SSH:

config system sdwan
set status enable
config members
edit 1
set interface "wan1"
next
edit 2
set interface "wan2"
next
end
end
