Implicit rule

SD-WAN rules define specific policy routing options to route traffic to an SD-WAN member. When no explicit SD-WAN rules are defined, or if none of the rules are matched, then the default implicit rule is used.

In an SD-WAN configuration, the default route usually points to the SD-WAN interface, so each active member's gateway is added to the routing table's default route. FortiOS uses equal-cost multipath (ECMP) to balance traffic between the interfaces. One of five load balancing algorithms can be selected:

Source IP (source-ip-based)

Traffic is divided equally between the interfaces, including the SD-WAN interface. Sessions that start at the same source IP address use the same path.

This is the default selection.

Sessions (weight-based)

The workload is distributing based on the number of sessions that are connected through the interface.

The weight that you assign to each interface is used to calculate the percentage of the total sessions that are allowed to connect through an interface, and the sessions are distributed to the interfaces accordingly.

Sessions with the same source and destination IP addresses (src-ip and dst-ip) are forwarded to the same path, but are still considered in later session ratio calculations.

An interface's weight value cannot be zero.

Spillover (usage-based)

The interface is used until the traffic bandwidth exceeds the ingress and egress thresholds that you set for that interface. Additional traffic is then sent through the next SD-WAN interface member.

Source-Destination IP (source-dest-ip-based)

Traffic is divided equally between the interfaces. Sessions that start at the same source IP address and go to the same destination IP address use the same path.