Configuring the SD-WAN to steer traffic between the overlays

Configure the HQ FortiGate to use two overlay tunnels for SD-WAN, steering HTTPS and HTTP traffic through the FGT_AWS_Tun tunnel, and SSH and FTP traffic through the AWS_VPG tunnel.

  1. Add SD-WAN member interfaces
  2. Configure a route to the remote network
  3. Configure firewall policies
  4. Configure a health check
  5. Configure SD-WAN rules

To add SD-WAN member interfaces:
  1. Go to Network > SD-WAN, select the SD-WAN Zones tab, and click Create New > SD-WAN Member.

  2. Set Interface to AWS_VPG then click OK.

  3. Click Create New > SD-WAN Member again.

  4. Set Interface to FGT_AWS_Tun.

  5. Set Gateway to 172.16.200.1.

  6. Click OK.

To configure a route to the remote network 10.0.2.0/24:
  1. Go to Network > Static Routes and click Create New.

  2. Set Destination to Subnet and enter the IP address and netmask: 10.0.2.0/255.255.255.0.

  3. Set Interface to virtual-wan-link.

  4. Click OK.

    Individual routes to each tunne