
Administration Guide

Configuring firewall policies for SD-WAN

SD-WAN zones can be used in policies as source and destination interfaces. Individual SD-WAN members cannot be used in policies.

You must configure a policy that allows traffic from your organization's internal network to the SD-WAN zone. Policies configured with the SD-WAN zone apply to all SD-WAN interface members in that zone.

To create a firewall policy for SD-WAN:
  1. Go to Policy & Objects > Firewall Policy.
  2. Click Create New. The New Policy page opens.
  3. Configure the following:

    Name                         Enter a name for the policy.
    Incoming Interface           internal
    Outgoing Interface           virtual-wan-link
    Source                       all
    Destination                  all
    Schedule                     always
    Service                      ALL
    Action                       ACCEPT
    Firewall / Network Options   Enable NAT and set IP Pool Configuration to Use Outgoing Interface Address.
    Security Profiles            Apply profiles as required.
    Logging Options              Enable Log Allowed Traffic and select All Sessions. This allows you to verify results later.

  4. Enable the policy, then click OK.
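
To check the result of this procedure offline, the following added example (not part of the Fortinet guide) parses a configuration export in FortiOS CLI text form and flags ACCEPT policies to the virtual-wan-link zone that lack NAT or all-session logging. The function names and the sample configuration are constructed for illustration, and the check assumes that options left at their defaults do not appear in the export.

```python
import shlex

# Constructed sample in FortiOS CLI syntax (not taken from a real device).
SAMPLE_CONFIG = """
config firewall policy
    edit 1
        set name "lan-to-sdwan"
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set action accept
        set logtraffic all
        set nat enable
    next
    edit 2
        set name "guest-to-sdwan"
        set srcintf "guest"
        set dstintf "virtual-wan-link"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw) or [""]  # shlex strips the quotes around values
        if tok[:3] == ["config", "firewall", "policy"]:
            in_block = True
        elif in_block and tok[0] == "edit":
            current = policies.setdefault(tok[1], {})
        elif in_block and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]  # an option may carry several values
        elif in_block and tok[0] == "end":
            in_block, current = False, None
    return policies

def audit_sdwan_policies(text, zone="virtual-wan-link"):
    """List (policy_id, issue) for accept policies to the SD-WAN zone missing NAT or logging."""
    findings = []
    for pid, opts in parse_policies(text).items():
        if zone not in opts.get("dstintf", []) or opts.get("action") != ["accept"]:
            continue
        if opts.get("nat") != ["enable"]:
            findings.append((pid, "NAT not enabled"))
        if opts.get("logtraffic") != ["all"]:
            findings.append((pid, "Log Allowed Traffic is not All Sessions"))
    return findings
```

Calling `audit_sdwan_policies(SAMPLE_CONFIG)` reports both issues for policy 2 and nothing for policy 1.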

Next: Link monitoring and failover
