Fortinet Document Library

Version:

Version:

Version:


Table of Contents

More Links

Configuring the SD-WAN interface
Adding a static route
Selecting the implicit SD-WAN algorithm
Link monitoring and failover
Results
Configuring SD-WAN in the CLI

Cookbook

Download PDF
Copy Link

Configuring security policies for SD-WAN

After you create an SD-WAN interface, FortiGate adds a virtual interface for SD-WAN to the interface list that can be used to create security policies.

You must configure a policy that allows traffic from your organization's internal network to the SD-WAN interface (virtual-wan-link in the CLI). You do not need to configure policies for each individual SD-WAN member interface because policies configured with the SD-WAN interface apply to all SD-WAN interface members.

To create a security policy for SD-WAN:
  1. Go to Policy & Objects > IPv4 Policy.
  2. Click Create New. The New Policy page opens.
  3. Configure the following:

    Name

    Enter a name for the policy.

    Incoming Interface

    internal

    Outgoing Interface

    SD-WAN

    Source

    all

    Destination

    all

    Schedule

    always

    Service

    ALL

    Action

    ACCEPT

    Firewall / Network Options

    Enable NAT and set IP Pool Configuration to Use Outgoing Interface Address.

    Security Profiles

    Apply profiles as required.

    Logging Options

    Enable Log Allowed Traffic and select All Sessions. This allows you to verify results later.

  4. Enable the policy, then click OK.

Next: Link monitoring and failover

More Links

Configuring security policies for SD-WAN

After you create an SD-WAN interface, FortiGate adds a virtual interface for SD-WAN to the interface list that can be used to create security policies.

You must configure a policy that allows traffic from your organization's internal network to the SD-WAN interface (virtual-wan-link in the CLI). You do not need to configure policies for each individual SD-WAN member interface because policies configured with the SD-WAN interface apply to all SD-WAN interface members.

To create a security policy for SD-WAN:
  1. Go to Policy & Objects > IPv4 Policy.
  2. Click Create New. The New Policy page opens.
  3. Configure the following:

    Name

    Enter a name for the policy.

    Incoming Interface

    internal

    Outgoing Interface

    SD-WAN

    Source

    all

    Destination

    all

    Schedule

    always

    Service

    ALL

    Action

    ACCEPT

    Firewall / Network Options

    Enable NAT and set IP Pool Configuration to Use Outgoing Interface Address.

    Security Profiles

    Apply profiles as required.

    Logging Options

    Enable Log Allowed Traffic and select All Sessions. This allows you to verify results later.

  4. Enable the policy, then click OK.

Next: Link monitoring and failover