Fortinet black logo

SD-WAN Orchestrator 7.0.0.r3 Administration Guide

Creating business rules

7.0.1
Copy Link
Copy Doc ID 2819d571-05fb-11ec-8f3f-00505692583a:772102
Download PDF

Creating business rules

You can create or update a business rule in a profile from the Business tab.

To create a business rule:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Business tab.

    The Business pane is displayed.

  4. Click +Create New.

    The Business Rule dialog box is displayed.

  5. Complete the options, and click OK.

    Option

    Description

    Name Type a name for the business rule.

    Criteria

    Source Address Select the source address or address group.

    Users

    Select or create users.

    User Groups

    Select or create user groups

    Destination Type Select the type of destination for the traffic.
    Dest Address Select or create the destination address or address group.
    Service Select or create the Internet service.
    Enable Toggle ON to enable the rule, and Toggle OFF to disable the rule.

    Link Policy

    Group Type

    For hub devices, choose from UNDERLAY, EXTERNAL_VPN_GATEWAY, or OVERLAY.

    For edge devices, choose from UNDERLAY, OVERLAY, ALL, or EXTERNAL_VPN_GATEWAY.

    Path

    When Group Type is set to OVERLAY, displays the path.

    When Group Type is set to UNDERLAY, choose from SINGLE_PATH, MULTIPLE_PATH, or ALL_PUBLIC_LINE.

    Gateway Path

    When Group Type is set to EXTERNAL_VPN_GATEWAY, select the gateway path.

    Load Policy

    When Group Type is set to Overlay, choose from LOW_COST, HIGH_QUALITY, or HIGH_THROUGHPUT.

    When Group Type is set to Underlay for hub devices, choose from LOW_COST, HIGH_QUALITY, HIGH_THROUGHPUT, or MANUAL.

    SLA Quality Level

    Displays the minimum quality level.

    Dual Hub Load Mode

    Available for dual hubs when Group Type is set to OVERLAY. Choose from ACTIVE_PASSIVE or ACTIVE_ACTIVE.

    When you choose ACTIVE_PASSIVE, the business rule is split and deployed to FortiGate as two rules:

    • One rule is for the primary hub, and includes all overlay links to the primary hub as priority members.
    • The other rule is for secondary hub, and includes all overlay links to the secondary hub as priority members.

    When you choose ACTIVE_ACTIVE, a business rule is deployed to FortiGate as one rule. The priority members include all overlay links between the edge and both hubs.

    SLA Server Type

    When Group Type is set to Overlay, select the type of SLA server.

    SLA Server

    Select the SLA server.

    Backhaul to Group

    When Group Type is set to Overlay for hub devices, choose the backhaul route to the group.

    The business rule is created.

Creating business rules

You can create or update a business rule in a profile from the Business tab.

To create a business rule:
  1. Go to Configuration > Profile.

    The list of profiles is displayed.

  2. Create a new profile, or open a profile for updating.

    The Profile <name> dialog box is displayed.

  3. Click the Business tab.

    The Business pane is displayed.

  4. Click +Create New.

    The Business Rule dialog box is displayed.

  5. Complete the options, and click OK.

    Option

    Description

    Name Type a name for the business rule.

    Criteria

    Source Address Select the source address or address group.

    Users

    Select or create users.

    User Groups

    Select or create user groups

    Destination Type Select the type of destination for the traffic.
    Dest Address Select or create the destination address or address group.
    Service Select or create the Internet service.
    Enable Toggle ON to enable the rule, and Toggle OFF to disable the rule.

    Link Policy

    Group Type

    For hub devices, choose from UNDERLAY, EXTERNAL_VPN_GATEWAY, or OVERLAY.

    For edge devices, choose from UNDERLAY, OVERLAY, ALL, or EXTERNAL_VPN_GATEWAY.

    Path

    When Group Type is set to OVERLAY, displays the path.

    When Group Type is set to UNDERLAY, choose from SINGLE_PATH, MULTIPLE_PATH, or ALL_PUBLIC_LINE.

    Gateway Path

    When Group Type is set to EXTERNAL_VPN_GATEWAY, select the gateway path.

    Load Policy

    When Group Type is set to Overlay, choose from LOW_COST, HIGH_QUALITY, or HIGH_THROUGHPUT.

    When Group Type is set to Underlay for hub devices, choose from LOW_COST, HIGH_QUALITY, HIGH_THROUGHPUT, or MANUAL.

    SLA Quality Level

    Displays the minimum quality level.

    Dual Hub Load Mode

    Available for dual hubs when Group Type is set to OVERLAY. Choose from ACTIVE_PASSIVE or ACTIVE_ACTIVE.

    When you choose ACTIVE_PASSIVE, the business rule is split and deployed to FortiGate as two rules:

    • One rule is for the primary hub, and includes all overlay links to the primary hub as priority members.
    • The other rule is for secondary hub, and includes all overlay links to the secondary hub as priority members.

    When you choose ACTIVE_ACTIVE, a business rule is deployed to FortiGate as one rule. The priority members include all overlay links between the edge and both hubs.

    SLA Server Type

    When Group Type is set to Overlay, select the type of SLA server.

    SLA Server

    Select the SLA server.

    Backhaul to Group

    When Group Type is set to Overlay for hub devices, choose the backhaul route to the group.

    The business rule is created.