Omada Pro Logo official website Vigi Logo official website
Contact Us
Singapore / English

How to Configure SD-WAN on Fusion Gateway

Knowledgebase
Configuration Guide
BookmarksCopy Link
05-17-2026
106

Contents

Introduction

Requirements

Configuration

Verification

Conclusion

QA

Introduction

Software-Defined Wide Area Network (SD-WAN) revolutionizes traditional WAN architectures by leveraging centralized control and automation to dynamically route traffic across multiple connections (e.g., MPLS, broadband, LTE). The key benefit of SD-WAN is centralized Policy Management, allowing users to define and manage network policy across different Fusion Gateway systems.

There are two SD-WAN models designed for Fusion Gateways:

  • Full Mesh: Connect all sites directly and securely (Up to 20 sites).
  • Hub-Spoke: Connect multiple sites through a central hub (Up to 1000 sites).

Here are some important info for users of Fusion Gateway SD-WAN system:

  • Currently, the Hub-Spoke model is not yet supported on Fusion Gateway SD-WAN, it will be available in the future version.
  • The network segments participating in SD-WAN cannot be overlapped across all sites, the virtual NAT for overlapped network segments will be supported in Hub-Spoke model in the future.
  • For Full Mesh model, no public IP is required. Our SD-WAN uses P2P NAT Traversal to allow the connection of sites without public IP. However, for sites where only NAT8 (Symmetric NAT) or NAT6 (Port-restricted cone NAT)- NAT8 is present, the NAT Traversal process may fail, resulting in connection establishment failure between some of the sites, in this situation, the traffic between these sites will be forwarded by other tunnels established successfully.
  • To configure SD-WAN between Fusion Gateways, all the Fusion Gateways must have Cloud Access enabled, the cloud access account needs to own Superadmin or Owner privilege to gain access to SD-WAN feature for the Fusion Gateways bound.

Requirements

  • Fusion Gateway with Cloud Access Enabled
  • Omada Cloud Portal

Configuration

We will introduce how to configure SD-WAN on Fusion Gateways using three Fusion Gateways on the Omada Cloud Portal as example.

Step 1. Login to your account on Omada Cloud Portal and select Fusion Systems on the upper left, then go to SD-WAN panel, click the Create SD-WAN Group button to create a new SD-WAN group.

Show the SD-WAN configuration panel when first time entering.

To check the existed SD-WAN group, click the drag down panel on the upper left side. Please note that currently a Fusion Gateway could only be added to a single SD-WAN group, the Fusion Gateways in different SD-WAN groups cannot be duplicated.

Show the SD-WAN configuration panel.

Show the SD-WAN configuration panel.

Step 2. Currently, only Full Mesh model is supported, click Create button.

Show the create SD-WAN Group panel.

Step 3. In the SD-WAN Group creation panel, name the group, then click Sites, choose the sites you wish to form the SD-WAN group together and click Apply. Show the SD-WAN group name and site configuration panel.

Step 4. Tick to choose the LAN networks across sites you wish to add in this SD-WAN group, on the left side Site panel, WAN port participating in the SD-WAN group could be selected, by default it will be chosen automatically (WAN port with public IP first. The user could also select WAN ports manually. If set as Auto, the auto failover will be enabled while using; if the WAN goes down, it will automatically choose another WAN as failover. If the WAN is set manually, the auto failover will not take effect. After finishing selecting, click Save. Show the SD-WAN group LAN network configuration panel.

The LAN segment conflict auto detection is enabled, so when there’s an unselected segment IP conflicting with a selected one, it will be grayed out and notifying the conflict. When there are conflicting network segments and one of the segments is selected to join the SD-WAN, the routing priority order is LAN Network > SD-WAN. Show the SD-WAN group LAN network confliction detection info.

Step 5. After choosing the LAN networks and click Save, the configuration is finished and tunnels between each Fusion Gateways will begin to establish. Users will be able to check the SD-WAN group status. Show the SD-WAN group status panel.

Step 6. To edit or delete the SD-WAN Group, click the Manage button on the upper right and choose Edit or Delete. Show the edit and delete button in SD-WAN group status panel.

By clicking Edit, you could go back to SD-WAN group configuration page and edit the sites/LAN networks participating in this SD-WAN group. Show the edit SD-WAN group panel.

By clicking Delete, you will be required to confirm whether you will delete this SD-WAN group.

Show the delete SD-WAN group panel.

Verification

After finishing creating a SD-WAN group, its status could be checked on the panel using icons or statistics. Here we could see, all the three sites are online and all the tunnels among them are established. Show the SD-WAN group status panel.

Clicking on a site icon could also display the detailed info about the site configuration related to this SD-WAN group. Show the SD-WAN group status panel.

Launch the site and go to the Routing Table of this Fusion Gateway, the routes formed by SD-WAN will be displayed. Show the routing table of a fusion gateway.

Ping between the LAN of different Fusion Gateways, for example, use the ping tool to ping from Default LAN interface of Site A to LAN2 interface of Site C:

Show the ping result of a fusion gateway.

Conclusion

This article introduces how to configure SD-WAN on Fusion Gateways.

QA

Q1: Why some of the tunnels between sites fail to establish?

A1: For Full Mesh model, no public IP is required. Our SD-WAN uses P2P NAT Traversal to allow the connection of sites without public IP. However, for sites where only NAT8 (Symmetric NAT) or NAT6 (Port-restricted NAT) - NAT8 is present, the NAT Traversal process may fail, resulting in connection establishment failure between some of the sites, in this situation, the traffic between these sites will be forwarded by other tunnels established successfully.

Q2: Why there’s no need to configure virtual SD-WAN interface IPs?

A2: The virtual interface IPs for SD-WAN of each site will be automatically created and assigned, as this is a virtual IP only used in the logical forwarding within SD-WAN system, it was also hidden in the traceroute result. The virtual interface IP is shown as Next Hop in the related routes in the Routing Table of Fusion Gateway, please avoid conflicts between the local LAN network segment and virtual interface IP address.

Q3: What will happen if the WAN port in SD-WAN group fails?

A3: After selected WAN port as auto when establishing the SD-WAN group, auto failover will be enabled. If the original WAN port fails, the tunnel will be automatically established on another available WAN to ensure the service recovery within a short time. Please note that it may take some time for the tunnel to re-establish on another WAN.

Please Rate this Document

Related Documents

How to Configure SD-WAN via Omada Controller v5.15.20

Configuration Guide
07-22-2025
21770

How to Configure SD-WAN via Omada Controller v6.2

Configuration Guide
04-02-2026
6794

How to configure Gateway ACL on Fusion Gateway

Configuration Guide
05-17-2026
0

How to Configure Gateway Rules for Content Filtering on Fusion Gateway

Configuration Guide
05-17-2026
0

How to configure Virtual WAN on Omada Gateway

Configuration Guide
06-25-2025
20826

Subscription

Customer support communications will be monitored or recorded for training, quality assurance, and to improve our products and services.
To better assist you, we might ask for some basic information like your name, phone number, email, or shipping address.
We’ll only use this information with your permission to support your request.

TP-Link takes your privacy seriously. For further details on TP-Link's privacy practices, see TP-Link's Privacy Policy.

Email Error

Follow Us

About
Press
Partners
Learning Center
TP-Link Omada Omada Pro VIGI
Singapore / English

©2026 TP-Link Corporation PTE. Ltd. and its affiliated companies. All rights reserved.

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Your Privacy Choices

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_banner, tp_privacy_base, tp_privacy_marketing, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Zendesk

OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au