SD-WAN rules (central management)
Configure SD-WAN rules for WAN links by specifying the required network parameters. The SD-WAN rules are applied to the FortiGate device when the SD-WAN template is applied.
To create a new SD-WAN rule:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to Device Manager > SD-WAN > SD-WAN Template.
- Click Create New in the content pane toolbar, or right-click and select Create New. The Create New page opens.
- In the SD-WAN Rules toolbar, click Create New. The Create New SD-WAN Rule dialog box opens.
- Enter the following information, then click OK to create the new SD-WAN rule:
Name
Enter the name of the rule.
IP Version
Select either IPv4 or IPv6.
Source Address
Add one or more addresses from the drop-down.
Users
Add one or more users from the drop-down.
User Groups
Add one or more groups from the drop-down.
Destination Address
Select an address or addresses from the drop-down list. This option is only available when Destination is Address.
Internet Service
Select a service or services from the drop-down list. This option is only available when Destination is Internet Service.
Internet Service Group
Select a service group or groups from the drop-down list. This option is only available when Destination is Internet Service.
Custom Internet Service
Select a service or services from the drop-down list. This option is only available when Destination is Internet Service.
Custom Internet Service Group
Select a service group or groups from the drop-down list. This option is only available when Destination is Internet Service.
Application
Select an application or applications from the drop-down list. This option is only available when Destination is Internet Service.
Application Group
Select an application group or groups from the drop-down list. This option is only available when Destination is Internet Service.
Protocol
Select the protocol, or specify the protocol number.
Port Range
Enter the port range. This option is only available when the protocol is TCP or UDP.
Type of Service
Specify the type of service and bit mask.
Outgoing Interface
Strategy
Select one of the following to specify how the traffic flows through the outgoing interface:
- Manual to specify what outgoing interface members to use.
- Priority to identify outgoing interface members and have traffic flow based on priority status.
- Lowest Cost (SLA) to identify outgoing interface members and have traffic flow based on the lowest cost.
- Maximize Bandwidth SLA to identify outgoing interface members and have traffic flow to maximize bandwidth.
Interface Preference
For the selected strategy, specify which interfaces to use. The interface at the top of the list has the highest priority, provided SLA targets are met.
Measured SLA
Select the SLA measurement for the selected strategy.
Require SLA Target
Select the required SLA target for the selected strategy.
Advanced Options
addr-mode
Address mode (IPv4 or IPv6).
bandwidth-weight
Coefficient of reciprocal of available bidirectional bandwidth in the formula of custom-profile-1, range [0-10000000].
dscp-forward
Enable/disable forward traffic DSCP tag.
dscp-forward-tag
Forward traffic DSCP tag.
dscp-reverse
Enable/disable reverse traffic DSCP tag.
dscp-reverse-tag
Reverse traffic DSCP tag.
dst-negate
Enable/disable negation of destination address match.
dst6
Destination IPv6 address name.
input-device
Source interface name.
internet-service-ctrl
Control-based Internet Service ID list.
internet-service-ctrl-group
Control-based Internet Service ID, range [0-4294967295].
internet-service-custom-group
Custom Internet Service group list.
internet-service-group
Internet Service group list.
jitter-weight
Coefficient of jitter in the formula of custom-profile-1, range [0-10000000].
latency-weight
Coefficient of latency in the formula of custom-profile-1, range [0-10000000].
link-cost-threshold
Percentage threshold change of link cost values that will result in policy route regeneration (0 - 10000000, default = 10).
packet-loss-weight
Coefficient of packet-loss in the formula of custom-profile-1, range [0-10000000].
route-tag
IPv4 route map route-tag, range [0-4294967295].
src-negate
Enable/disable negation of source address match.
src6
Source IPv6 address name.
status
Enable/disable SD-WAN service.
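The packet-loss-weight, latency-weight, jitter-weight and bandwidth-weight options and link-cost-threshold above describe a weighted link-cost calculation. The following added example (not Fortinet code) assumes custom-profile-1 is the plain sum of the four weighted terms those option descriptions name and that a lower cost is preferred; the function names, units and sample measurements are constructed for illustration.

```python
from dataclasses import dataclass

WEIGHT_MAX = 10_000_000  # upper bound of the documented [0-10000000] range

@dataclass(frozen=True)
class Weights:
    """The four coefficient options, named after the page's option keys."""
    packet_loss_weight: int
    latency_weight: int
    jitter_weight: int
    bandwidth_weight: int

    def __post_init__(self):
        # Reject values outside the range the option descriptions give.
        for name, value in vars(self).items():
            if not 0 <= value <= WEIGHT_MAX:
                raise ValueError(f"{name}={value} outside [0-{WEIGHT_MAX}]")

def link_cost(w, loss_pct, latency_ms, jitter_ms, bandwidth):
    """Assumed form: sum of weighted loss, latency, jitter and 1/bandwidth."""
    if bandwidth <= 0:
        raise ValueError("available bandwidth must be positive")
    return (w.packet_loss_weight * loss_pct + w.latency_weight * latency_ms
            + w.jitter_weight * jitter_ms + w.bandwidth_weight / bandwidth)

def exceeds_threshold(old_cost, new_cost, threshold_pct=10):
    """True when the cost moved by more than threshold_pct percent (default 10)."""
    if old_cost == 0:
        return new_cost != 0
    return abs(new_cost - old_cost) / old_cost * 100 > threshold_pct

def rank_members(w, samples):
    """Member names ordered from lowest to highest cost (lower assumed better)."""
    return sorted(samples, key=lambda name: link_cost(w, **samples[name]))

# Constructed sample measurements; units are illustrative, not from the page.
SAMPLES = {
    "wan1": dict(loss_pct=0.5, latency_ms=20, jitter_ms=2, bandwidth=100000),
    "wan2": dict(loss_pct=0.0, latency_ms=45, jitter_ms=5, bandwidth=50000),
}
W = Weights(packet_loss_weight=100, latency_weight=1,
            jitter_weight=2, bandwidth_weight=1000000)

if __name__ == "__main__":
    for member in rank_members(W, SAMPLES):
        print(member, link_cost(W, **SAMPLES[member]))
    print("regenerate:", exceeds_threshold(84.0, 100.0))
```

With these weights the small packet loss on wan1 outweighs its lower latency, so wan2 ranks first.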