I just passed the Fortinet NSE7 SD-WAN certification!
I prepared by using the self-paced training courses on the Fortinet Training Institute (FTI). As with all material currently on the FTI, the courses are prewritten scripts read by voiceover talent. This is as dry as training can get, especially when compared to courses from actual teachers (CBT Nuggets, Pluralsight). Despite the robotic narrators, I endured and learned a few items to help me improve my understanding. Here are my top 3:
- SD-WAN rules function as policy routes. This makes total sense now, but until it was stated I didn’t make the connection. Normal policy routes will take precedence over SD-WAN rules. SD-WAN rules override the route table (≈FIB). See image below:
- Performance SLAs can do more than just change a member SD-WAN interface to “dead”. Prior to my studies, I typically used SLAs to determine if a WAN interface was down so that its routes would be removed. Now I more fully understand the potential of leveraging SLA stats with certain SD-WAN rules. There are two SD-WAN rule strategies that can make real-time routing decisions based on SLAs: Lowest Cost and Maximize Bandwidth.
- ADVPN should be used more. Some of my misconceptions surrounding ADVPN were corrected. The small overhead required to set up ADVPN has huge returns in the long run and is worth the additional planning. Manually managing a large count of VPN tunnels ultimately has a higher cost.
I look forward to putting these new insights into practice! Next up for me is the Cisco Enterprise Core cert.