Configuring security policies for SD-WAN
After you create an SD-WAN interface, FortiGate adds a virtual interface for SD-WAN to the interface list that can be used to create security policies.
You must configure a policy that allows traffic from your organization's internal network to the SD-WAN interface (virtual-wan-link in the CLI). You do not need to configure policies for each individual SD-WAN member interface because policies configured with the SD-WAN interface apply to all SD-WAN interface members.
To create a security policy for SD-WAN:
- Go to Policy & Objects > IPv4 Policy.
- Click Create New. The New Policy page opens.
- Configure the following:
  - Enter a name for the policy.
  - Firewall / Network Options: Enable NAT and set IP Pool Configuration to Use Outgoing Interface Address.
  - Apply profiles as required.
  - Enable Log Allowed Traffic and select All Sessions. This allows you to verify results later.
- Enable the policy, then click OK.
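To confirm that every policy pointing at the SD-WAN interface has the NAT, logging and status settings from the procedure above, the following added example (not Fortinet code) audits a policy block in FortiOS CLI style. The sample configuration is constructed, and the option names `nat`, `logtraffic` and `status` with the defaults shown are assumptions about how the CLI output represents the GUI settings.

```python
import shlex

# Constructed sample in FortiOS "show firewall policy" style (not from a real device).
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set name "LAN-to-SDWAN"
        set dstintf "virtual-wan-link"
        set action accept
        set logtraffic all
        set nat enable
    next
    edit 2
        set name "Guest-to-SDWAN"
        set dstintf "virtual-wan-link"
        set action accept
    next
    edit 3
        set dstintf "dmz"
    next
end
'''

# Assumed defaults for options "show" omits; REQUIRED is what the procedure calls for.
DEFAULTS = {"nat": "disable", "logtraffic": "utm", "status": "enable"}
REQUIRED = {"nat": "enable", "logtraffic": "all", "status": "enable"}

def parse_policies(text):
    """Return {policy_id: {option: [values]}} from a firewall policy block."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"]:
            current = policies.setdefault(int(tokens[1]), {})
        elif tokens[:1] == ["next"]:
            current = None
        elif tokens[:1] == ["set"] and current is not None and len(tokens) >= 3:
            current[tokens[1]] = tokens[2:]
    return policies

def audit_sdwan_policies(policies, sdwan_intf="virtual-wan-link"):
    """List (policy_id, option, actual, expected) deviations on SD-WAN policies."""
    findings = []
    for pid, opts in sorted(policies.items()):
        if sdwan_intf in opts.get("dstintf", []):
            for option, expected in REQUIRED.items():
                actual = opts.get(option, [DEFAULTS[option]])[0]
                if actual != expected:
                    findings.append((pid, option, actual, expected))
    return findings
```

Policy 2 in the sample is reported twice because it omits both settings and falls back to the assumed defaults, while policy 3 is skipped because it does not use the SD-WAN interface.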