You can create or update a business rule in a profile from the Business tab.
- Go to Configuration > Profile.
The list of profiles is displayed.
- Create a new profile, or open a profile for updating.
The Profile <name> dialog box is displayed.
- Click the Business tab.
The Business pane is displayed.
- Click +Create New.
The Business Rule dialog box is displayed.
- Complete the options, and click OK.
Name Type a name for the business rule.
Source Address Select the source address or address group.
Select or create users.
Select or create user groups
Destination Type Select the type of destination for the traffic. Dest Address Select or create the destination address or address group. Service Select or create the Internet service. Enable Toggle ON to enable the rule, and Toggle OFF to disable the rule.
For hub devices, choose from UNDERLAY, EXTERNAL_VPN_GATEWAY, or OVERLAY.
For edge devices, choose from UNDERLAY, OVERLAY, ALL, or EXTERNAL_VPN_GATEWAY.
When Group Type is set to OVERLAY, displays the path.
When Group Type is set to UNDERLAY, choose from SINGLE_PATH, MULTIPLE_PATH, or ALL_PUBLIC_LINE.
When Group Type is set to EXTERNAL_VPN_GATEWAY, select the gateway path.
When Group Type is set to Overlay, choose from LOW_COST, HIGH_QUALITY, or HIGH_THROUGHPUT.
When Group Type is set to Underlay for hub devices, choose from LOW_COST, HIGH_QUALITY, HIGH_THROUGHPUT, or MANUAL.
SLA Quality Level
Displays the minimum quality level.
Dual Hub Load Mode
Available for dual hubs when Group Type is set to OVERLAY. Choose from ACTIVE_PASSIVE or ACTIVE_ACTIVE.
When you choose ACTIVE_PASSIVE, the business rule is split and deployed to FortiGate as two rules:
- One rule is for the primary hub, and includes all overlay links to the primary hub as priority members.
- The other rule is for secondary hub, and includes all overlay links to the secondary hub as priority members.
When you choose ACTIVE_ACTIVE, a business rule is deployed to FortiGate as one rule. The priority members include all overlay links between the edge and both hubs.
SLA Server Type
When Group Type is set to Overlay, select the type of SLA server.
Select the SLA server.
Backhaul to Group
When Group Type is set to Overlay for hub devices, choose the backhaul route to the group.
The business rule is created.