Fortinet black logo

SD-WAN Deployment with Zscaler

Home FortiGate / FortiOS 6.4.2 SD-WAN Deployment with Zscaler

Configuring SD-WAN rules

6.4.2
6.4.2
6.4.1
6.2.0
Copy Link
Copy Doc ID c7e0b823-d1cf-11ea-96b9-00505692583a:256930
Download PDF

Configuring SD-WAN rules

Configure SD-WAN rules that will tie the Performance SLA probe (Zscaler_VPNTEST) to each of the SD-WAN members with the Lowest Cost (SLA) strategy selected to determine which ZEN will be the active-primary and which one will be the standby-secondary.

To configure an SD-WAN rule:
  1. Go to Network > SD-WAN Rules, and click Create New . The Priority Rule screen displays.
  2. Enter a name in the Name field, like HTTPS-Zscaler-out in this case.
  3. Select the IP Version to be IPv4.
  4. Select the Source and Destination addresses to be all.
  5. Select the Protocol to be TCP, and the Port Range to be 443-443.

    Configuring an SD-WAN rule

  6. Select the Lowest Cost (SLA) strategy for the outgoing interfaces. It determines which ZEN will be the active-primary and which one will be the standby-secondary.
  7. Specify the preference for the outgoing interfaces in the Interface preference field by adding Zscaler-SF and Zscaler-DC in the preferred order.
  8. Specify the Required SLA target by adding the Zscaler_VPNTEST performance SLA test we created earlier.

    Configuring an SD-WAN outgoing interface strategy

  9. Click OK.

Configure similar SD-WAN rules for HTTP, and non-web traffic. In our example, the non-web traffic is steered to the underlays using the Best Quality strategy.

Once configured, verify your SD-WAN rules by navigating to Network > SD-WAN Rules:
Verify SD-WAN rules configurations

Previous
Next

Configuring SD-WAN rules

Configure SD-WAN rules that will tie the Performance SLA probe (Zscaler_VPNTEST) to each of the SD-WAN members with the Lowest Cost (SLA) strategy selected to determine which ZEN will be the active-primary and which one will be the standby-secondary.

To configure an SD-WAN rule:
  1. Go to Network > SD-WAN Rules, and click Create New . The Priority Rule screen displays.
  2. Enter a name in the Name field, like HTTPS-Zscaler-out in this case.
  3. Select the IP Version to be IPv4.
  4. Select the Source and Destination addresses to be all.
  5. Select the Protocol to be TCP, and the Port Range to be 443-443.

    Configuring an SD-WAN rule

  6. Select the Lowest Cost (SLA) strategy for the outgoing interfaces. It determines which ZEN will be the active-primary and which one will be the standby-secondary.
  7. Specify the preference for the outgoing interfaces in the Interface preference field by adding Zscaler-SF and Zscaler-DC in the preferred order.
  8. Specify the Required SLA target by adding the Zscaler_VPNTEST performance SLA test we created earlier.

    Configuring an SD-WAN outgoing interface strategy

  9. Click OK.

Configure similar SD-WAN rules for HTTP, and non-web traffic. In our example, the non-web traffic is steered to the underlays using the Best Quality strategy.

Once configured, verify your SD-WAN rules by navigating to Network > SD-WAN Rules:
Verify SD-WAN rules configurations

Previous
Next