Cookbook

Using Intelligent Application Steering and Link Fail-over

6.2.0

You can use FortiGate to load balance traffic depending on the application type and on the SLA. To do this, create application-based SD-WAN rules in FortiManager and then install the configurations on the branches.

To use Intelligent Application Steering and Link Fail-over:
  1. Create the following SD-WAN rules:
    • Business Critical Cloud APP (Office365, Azure, and AWS): This traffic should always favor the INET underlay. If the SLA is not met or the underlay link fails, it can go through an overlay.
    • Non-Business Critical Cloud APP (Facebook and Twitter): This traffic should only go through the underlay. If the link fails, the traffic can stop working.
  2. Enable FortiAnalyzer on the branches using CLI scripts.
  3. Install the configurations on the branches.
To create SD-WAN rules in the GUI:
  1. Go to Device Manager > SD-WAN > SD-WAN Template.
  2. Click Create New in the content pane toolbar, or right-click and select Create New. The Create New page opens.
  3. In the SD-WAN Rules toolbar, click Create New. The Create New SD-WAN Rule dialog-box opens.
  4. Configure the SD-WAN rule settings, then click OK.
    Note

    In the SD-WAN policy for Business Critical and Non-Business Critical Cloud App, make sure to enable the Gateway option. This allows FortiGate to redirect traffic correctly.

For information about creating SD-WAN rules, go to the FortiManager Document Library > FortiManager Administration Guide > SD-WAN > SD-WAN templates.

To enable FortiAnalyzer on the branches:

    config log fortianalyzer setting
        set status enable
        set server "192.168.0.15"
        set upload-option realtime
        set serial <FMG_Serial Number>
        set certificate-verification disable
        set reliable enable
    end
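
As an added example (not part of the Fortinet cookbook), the following Python check audits a branch CLI script like the one above before it is installed: it parses the `config log fortianalyzer setting` block and reports settings that weaken log transport, such as `certificate-verification disable`, which stops the FortiGate from verifying the FortiAnalyzer's identity by certificate. The function names, the `EXPECTED` policy table and the sample script are assumptions constructed for illustration.

```python
# Assumed audit policy (not Fortinet's): values the logging block should carry.
EXPECTED = {
    "status": "enable",                    # logging to FortiAnalyzer is on
    "certificate-verification": "enable",  # FortiGate verifies the FortiAnalyzer certificate
    "reliable": "enable",                  # reliable log delivery
}

def parse_block(script, header="config log fortianalyzer setting"):
    """Return the {key: value} pairs set inside the named config block."""
    settings, inside = {}, False
    for raw in script.splitlines():
        line = raw.strip()
        if line == header:
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            parts = line.split(None, 2)   # 'set', key, value (value may hold spaces)
            if len(parts) == 3:
                settings[parts[1]] = parts[2].strip('"')
    return settings

def audit(script):
    """Return a list of findings for the FortiAnalyzer logging block."""
    settings = parse_block(script)
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)           # None: script relies on the device default
        if got != want:
            findings.append(f"{key}: expected '{want}', found '{got}'")
    for key, value in settings.items():
        if value.startswith("<") and value.endswith(">"):
            findings.append(f"{key}: placeholder {value} was never filled in")
    return findings

# Constructed sample: the branch script from this page, placeholder left as-is.
SAMPLE = """
config log fortianalyzer setting
    set status enable
    set server "192.168.0.15"
    set upload-option realtime
    set serial <FMG_Serial Number>
    set certificate-verification disable
    set reliable enable
end
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run against the script as published, the check reports the disabled certificate verification and the unfilled serial placeholder; a script with both corrected produces no findings.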

To configure a FortiGate unit:
  1. Go to Device Manager > Device & Groups.
  2. In the tree menu, select a device group.
  3. In the content pane, select a device.
  4. From the Install menu, select Install Config.
  5. When the installation configuration is complete, click Finish.
Note

After the installation is complete, you will see that the logs are on FortiAnalyzer. If you log in to the FortiGate WebUI, you will notice an error message in the Security Fabric Settings page:

Run the following command on FortiManager CLI:

exe log device permission ALL all ena
