Administration Guide

SD-WAN rules (central management)

Configure SD-WAN rules for WAN links by specifying the required network parameters. The SD-WAN rules are applied to the FortiGate device when the SD-WAN template is applied.

To create a new SD-WAN rule:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Device Manager > SD-WAN > SD-WAN Template.
  3. Click Create New in the content pane toolbar, or right-click and select Create New. The Create New page opens.
  4. In the SD-WAN Rules toolbar, click Create New. The Create New SD-WAN Rule dialog box opens.

  5. Enter the following information, then click OK to create the new SD-WAN rule:

    Name

    Enter the name of the rule.

    Source

    Address

    Add one or more addresses from the drop-down.

    Users

    Add one or more users from the drop-down.

    User Groups

    Add one or more groups from the drop-down.

    Destination

    Address

    Select an address or addresses from the drop-down list. This option is only available when Destination is Address.

    Internet Service

    Select a service or services from the drop-down list. This option is only available when Destination is Internet Service.

    Internet Service Group

    Select a service group or groups from the drop-down list. This option is only available when Destination is Internet Service.

    Custom Internet Service

    Select a service or services from the drop-down list. This option is only available when Destination is Internet Service.

    Custom Internet Service Group

    Select a service group or groups from the drop-down list. This option is only available when Destination is Internet Service.

    Application

    Select an application or applications from the drop-down list. This option is only available when Destination is Internet Service.

    Application Group

    Select an application group or groups from the drop-down list. This option is only available when Destination is Internet Service.

    Protocol

    Select the protocol, or specify the protocol number.

    Port Range

    Enter the port range. This option is only available when the protocol is TCP or UDP.

    Type of Service

    Specify the type of service and bit mask. This option is only available when the protocol is set to Specify.

    Outgoing Interface

    Select Best Quality or Minimum Quality (SLA).

    Interface Members

    Select interface members.

    Status Check

    This option is only available when the outgoing interface is Best Quality.

    Require SLA Target

    This option is only available when the outgoing interface is Minimum Quality (SLA).

    Advanced Options

    addr-mode

    Address mode (IPv4 or IPv6).

    bandwidth-weight

    Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1, range [0-10000000].

    dscp-forward

    Enable/disable forward traffic DSCP tag.

    dscp-forward-tag

    Forward traffic DSCP tag.

    dscp-reverse

    Enable/disable reverse traffic DSCP tag.

    dscp-reverse-tag

    Reverse traffic DSCP tag.

    dst-negate

    Enable/disable negation of destination address match.

    dst6

    Destination IPv6 address name.

    input-device

    Source interface name.

    internet-service-ctrl

    Control-based Internet Service ID list.

    internet-service-ctrl-group

    Control-based Internet Service ID, range [0-4294967295].

    internet-service-custom-group

    Custom Internet Service group list.

    internet-service-group

    Internet Service group list.

    jitter-weight

    Coefficient of jitter in the formula of custom-profile-1, range [0-10000000].

    latency-weight

    Coefficient of latency in the formula of custom-profile-1, range [0-10000000].

    link-cost-threshold

    Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10).

    packet-loss-weight

    Coefficient of packet-loss in the formula of custom-profile-1, range [0-10000000].

    route-tag

    IPv4 route map route-tag, range [0-4294967295].

    src-negate

    Enable/disable negation of source address match.

    src6

    Source IPv6 address name.

    status

    Enable/disable SD-WAN service.
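
The following added example (not part of the Fortinet guide or product code) shows how the four custom-profile-1 weights and link-cost-threshold described above can be sanity-checked before they are pushed in a template. It assumes the weighted-sum form implied by the option descriptions, assumed units (ms, percent, kbps), and a relative-change reading of the threshold; all function and class names are hypothetical.

```python
import math
from dataclasses import dataclass

WEIGHT_MAX = 10_000_000  # upper bound the page gives for every *-weight option


@dataclass
class Weights:
    """Hypothetical holder for the four custom-profile-1 coefficients."""
    latency: int = 0
    jitter: int = 0
    packet_loss: int = 0
    bandwidth: int = 0

    def __post_init__(self):
        # Reject values outside the documented range [0-10000000].
        for name, value in vars(self).items():
            if not 0 <= value <= WEIGHT_MAX:
                raise ValueError(f"{name} weight {value} outside [0-{WEIGHT_MAX}]")


def link_cost(w, latency_ms, jitter_ms, loss_pct, bandwidth_kbps):
    """Assumed form: weighted sum of latency, jitter and packet loss,
    plus bandwidth-weight times the reciprocal of available bandwidth."""
    if bandwidth_kbps <= 0:
        return math.inf  # no usable bandwidth: treat the member as worst case
    return (w.latency * latency_ms + w.jitter * jitter_ms
            + w.packet_loss * loss_pct + w.bandwidth / bandwidth_kbps)


def should_regenerate(old_cost, new_cost, threshold_pct=10):
    """True when the cost moved by more than link-cost-threshold percent
    (default 10, as on the page). The comparison rule is an assumption."""
    if old_cost == new_cost:
        return False
    if old_cost == 0 or math.isinf(old_cost) or math.isinf(new_cost):
        return True
    return abs(new_cost - old_cost) / old_cost * 100 > threshold_pct


# Constructed sample measurements for one interface member.
weights = Weights(latency=1, jitter=2, packet_loss=100, bandwidth=50_000)
baseline = link_cost(weights, 20, 2, 0, 50_000)   # 25.0
minor = link_cost(weights, 21, 2, 0, 50_000)      # 26.0, a 4% change
degraded = link_cost(weights, 30, 2, 1, 50_000)   # 135.0, packet loss dominates
print(should_regenerate(baseline, minor), should_regenerate(baseline, degraded))
```

A large packet_loss weight relative to the others makes even 1% loss exceed the threshold, which is worth checking against the intended failover behaviour before applying the template.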
