Fortinet, Inc.
AUTOMATIC ESTABLISHMENT OF NETWORK TUNNELS BY AN SDWAN CONTROLLER BASED ON GROUP AND ROLE ASSIGNMENTS OF NETWORK DEVICES

Abstract:

Systems and methods are described for automatically building up a VPN to facilitate full-mesh communication within a private network of an organization based on group and role settings of participating network devices. According to one embodiment, configuration information, including a group setting, indicating a group with which the particular network device is associated, and a role setting, specifying a role of the particular network device within the group as either a hub or an edge, is received by an SDWAN controller associated with the private network for each network device of the private network. Based on the configuration information, IPsec configuration information is determined for establishment of VPN links between a hub of each group and one or more edges of the group. Full-mesh communication among the groups is enabled by causing the hubs to set up IPsec tunnels between each pair of hubs based on the IPsec configuration information.