In Fortinet SD-WAN architecture, underlay and overlay have distinct meanings:
Underlay links are the physical or logical transport networks that provide basic IP connectivity (for example, broadband, MPLS, LTE/5G).
Overlay links are virtual tunnels (such as IPsec VPNs) built on top of the underlay, providing abstraction, routing control, and segmentation.
Option B is correct.
Overlay links (for example, IPsec tunnels used in SD-WAN and ADVPN) decouple routing from the physical transport. This allows dynamic path selection, segmentation, and flexible routing policies independent of the underlay. Providing routing flexibility is a core purpose of overlays in SD-WAN.
Option D is correct.
Wireless connections such as LTE or 5G can be used as underlay transports, and overlay tunnels can be built over them. Fortinet SD-WAN fully supports building IPsec overlays on wireless underlays, making wireless links valid for overlay construction.
Why the other options are incorrect:
Option A is incorrect because a VLAN is a Layer 2 segmentation mechanism, not an SD-WAN overlay link.
Option C is incorrect because FortiLink is used for internal management and switch/AP connectivity, not as a WAN underlay for SD-WAN.
Option E is incorrect because underlay links can be wired or wireless; they are not limited to wired connections.
Therefore, the two correct statements are B and D.
Submit