Creating SD-WAN rules for DIA/RIA

Our strategy for Internet access will be as follows:

  • We will prefer the Local Breakout (DIA) via the underlay port (ul-inet).
  • For business-critical traffic, we will use OL_MPLS overlays as a secondary path (RIA), when DIA quality is not acceptable. The thresholds will be different for different applications.
  • For non-business-critical traffic, we will keep using DIA as long as it is alive, disregarding its current quality.

Let’s configure three SD-WAN rules for this:

  • Business-Critical-HighPriority: This rule will be matching GoToMeeting and Salesforce traffic, with SLA Target #1.
  • Business-Critical-MedPriority: This rule will be matching Office365 traffic, with SLA Target #2.
  • Non-Business-Critical: This rule will be matching all other Internet traffic.

Creating SD-WAN rules for the primary hub

In the SD-WAN rule for the primary hub, we specify only the interface members connecting to the Primary Hub (DC1), and OL_INET_DC1 comes first in the list.

When using the Lowest Cost (SLA) strategy, preference is defined by configuration order, among other factors. The first interface in the list that meets the SLA will be selected, which is precisely what we want to achieve here.
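The following sketch is an added example, not Fortinet code: it models the "first interface in configured order that meets the SLA" selection and applies it to the three DIA/RIA rules described earlier. The SLA thresholds, the link measurements, the member lists and the fallback to the first alive member when nothing meets the SLA are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Link:
    name: str
    alive: bool
    latency_ms: float
    loss_pct: float

@dataclass(frozen=True)
class Sla:
    max_latency_ms: float
    max_loss_pct: float

    def met_by(self, link: Link) -> bool:
        return (link.alive and link.latency_ms <= self.max_latency_ms
                and link.loss_pct <= self.max_loss_pct)

# Constructed thresholds: the page gives no values for SLA Target #1 / #2.
SLA_1 = Sla(max_latency_ms=100, max_loss_pct=1.0)
SLA_2 = Sla(max_latency_ms=250, max_loss_pct=2.0)

# Rule name -> (interface preference in configured order, required SLA or None).
# Listing both MPLS overlays after ul-inet is an assumption of this sketch.
RULES = {
    "Business-Critical-HighPriority": (["ul-inet", "OL_MPLS_DC1", "OL_MPLS_DC2"], SLA_1),
    "Business-Critical-MedPriority": (["ul-inet", "OL_MPLS_DC1", "OL_MPLS_DC2"], SLA_2),
    "Non-Business-Critical": (["ul-inet"], None),
}

def select_member(preference, sla, links) -> Optional[str]:
    """Return the first member, in configured order, that meets the SLA."""
    ordered = [links[n] for n in preference if n in links]
    if sla is not None:
        for link in ordered:
            if sla.met_by(link):
                return link.name
    for link in ordered:  # assumed fallback: first member that is still alive
        if link.alive:
            return link.name
    return None  # no listed member is alive; what happens next is not modelled

def steer(link_list):
    links = {l.name: l for l in link_list}
    return {rule: select_member(pref, sla, links) for rule, (pref, sla) in RULES.items()}

def sample_links(dia_latency_ms, dia_alive=True):
    """Constructed measurements; only the DIA underlay varies."""
    return [Link("ul-inet", dia_alive, dia_latency_ms, 0.5),
            Link("OL_MPLS_DC1", True, 40, 0.0),
            Link("OL_MPLS_DC2", True, 55, 0.0)]
```

With the DIA latency at 180 ms, only the high-priority rule moves to the overlay: the medium-priority rule still meets its looser target, and the non-business-critical rule stays on DIA because it carries no SLA.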

To create an SD-WAN rule for the primary hub:
  1. Go to Device Manager > SD-WAN > SD-WAN templates.
  2. Double-click the template named sdwan.branches to open it for editing.
  3. In the SD-WAN rules section, click Create New.
  4. Set the following options, and click OK.
    1. In the Name box, type Corporate-Primary.
    2. Under Source, click Source Address, and select the corporate network.
    3. Under Destination, click Source, and click Click here to select to select the corporate network.
    4. Under Outgoing Interfaces, click Lowest Cost (SLA).
    5. Beside Interface Preference, click Click here to select, and select OL_INET_DC1, and then OL_MPLS_DC1.
    6. Beside Required SLA Target, click Click here to select, and select DC#1.

    The rule is created.

  5. Click OK to save the SD-WAN template.

Creating SD-WAN rules for the secondary hub

In the SD-WAN rule for the secondary hub, we specify only the interface members connecting to the Secondary Hub (DC2), and OL_INET_DC2 comes first in the list.

Open the SD-WAN template named sdwan.branches for editing, and create a rule for the secondary hub.

When you are done, you will have the following rules in the SD-WAN template:
