Fortinet black logo

Examples

Configuring SD-WAN rules

Copy Link
Copy Doc ID 5ecc39ba-34cd-11eb-96b9-00505692583a:615610
Download PDF

Configuring SD-WAN rules

The SD-WAN rules define how the traffic flows. This section describes how to configure SD-WAN rules for internal (corporate) traffic, so that:

  1. The traffic prefers OL_INET, as long as it meets the SLA. If the traffic doesn’t meet the SLA, the traffic switches over to OL_MPLS.
  2. The traffic should always use DC1_FGT, as long as it is available. DC2_FGT should be used only as a backup Hub. In other words, DC2_FGT should only be used when DC1_FGT is completely out of service.

This topic describes how to create one rule for the primary hub and one rule for the secondary hub.

Creating SD-WAN rules for the primary hub

In the SD-WAN rule for the primary hub, we specify only the interface members connecting to the Primary Hub (DC1), and OL_INET_DC1 comes first in the list.

When using the Lowest Cost (SLA) strategy, preference is defined by configuration order, among others. The first interface that matches the SLA will be selected, which is precisely what we want to achieve here.

To create an SD-WAN rule for the primary hub:
  1. Go to Device Manager > SD-WAN > SD-WAN templates.
  2. Double-click the template named sdwan.branches to open it for editing.
  3. In the SD-WAN rules section, click Create New.
  4. Set the following options, and click OK.
    1. In the Name box, type Corporate-Primary.
    2. Under Source, click Source Address, and select the corporate network.
    3. Under Destination, click Source, and click Click here to select to select the corporate network.
    4. Under Outgoing Interfaces, click Lowest Cost (SLA).
    5. Beside Interface Preference, click Click here to select, and select OL_INET_DC1, and then OL_MPLS_DC1.
    6. Beside Required SLA Target, click Click here to select, and select DC#1.

    The rule is created.

  5. Click OK to save the SD-WAN template.

Creating SD-WAN rules for the secondary hub

In the SD-WAN rule for the secondary hub, we specify only the interface members connecting to the Secondary Hub (DC2), and OL_INET_DC2 comes first in the list.

Open the SD-WAN template named sdwan.branches for editing, and create a rule for the secondary hub.

When you are done, you will have the following rules in the SD-WAN template:

Configuring SD-WAN rules

The SD-WAN rules define how the traffic flows. This section describes how to configure SD-WAN rules for internal (corporate) traffic, so that:

  1. The traffic prefers OL_INET, as long as it meets the SLA. If the traffic doesn’t meet the SLA, the traffic switches over to OL_MPLS.
  2. The traffic should always use DC1_FGT, as long as it is available. DC2_FGT should be used only as a backup Hub. In other words, DC2_FGT should only be used when DC1_FGT is completely out of service.

This topic describes how to create one rule for the primary hub and one rule for the secondary hub.

Creating SD-WAN rules for the primary hub

In the SD-WAN rule for the primary hub, we specify only the interface members connecting to the Primary Hub (DC1), and OL_INET_DC1 comes first in the list.

When using the Lowest Cost (SLA) strategy, preference is defined by configuration order, among others. The first interface that matches the SLA will be selected, which is precisely what we want to achieve here.

To create an SD-WAN rule for the primary hub:
  1. Go to Device Manager > SD-WAN > SD-WAN templates.
  2. Double-click the template named sdwan.branches to open it for editing.
  3. In the SD-WAN rules section, click Create New.
  4. Set the following options, and click OK.
    1. In the Name box, type Corporate-Primary.
    2. Under Source, click Source Address, and select the corporate network.
    3. Under Destination, click Source, and click Click here to select to select the corporate network.
    4. Under Outgoing Interfaces, click Lowest Cost (SLA).
    5. Beside Interface Preference, click Click here to select, and select OL_INET_DC1, and then OL_MPLS_DC1.
    6. Beside Required SLA Target, click Click here to select, and select DC#1.

    The rule is created.

  5. Click OK to save the SD-WAN template.

Creating SD-WAN rules for the secondary hub

In the SD-WAN rule for the secondary hub, we specify only the interface members connecting to the Secondary Hub (DC2), and OL_INET_DC2 comes first in the list.

Open the SD-WAN template named sdwan.branches for editing, and create a rule for the secondary hub.

When you are done, you will have the following rules in the SD-WAN template: