Configuring SD-WAN rules

You can use SD-WAN rules to specify which traffic you want to route through which interface (ISP). This gives you great flexibility when you configure how you want the FortiGate to route traffic. For example, you can route Netflix traffic from specific authenticated users through one ISP and route the rest of your Internet traffic through another ISP.

You can configure the rules to use various parameters to match traffic, including source and destination IP addresses, destination port numbers, and ISDB address objects.

When the FortiGate matches traffic to a rule, that rule determines which egress interface the traffic takes. You can configure SD-WAN rules to use one of the following strategies to determine the egress interface:

  • Best quality
  • Minimum quality (SLA)

The FortiGate evaluates SD-WAN rules from top to bottom, using the first match. SD-WAN rules are treated as policy routes and take precedence over other routes in the routing table.

If none of the conditions for the SD-WAN rules are met, the FortiGate uses the implicit rule, called sd-wan, that’s automatically generated when you enable SD-WAN. The sd-wan rule balances traffic based on how you configured SD-WAN load balancing.
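The first-match ordering and the fall-through to the implicit sd-wan rule can be modeled offline to catch rules that an earlier, broader rule makes unreachable. This is an added example, not FortiOS code or Fortinet tooling: the `Rule` fields, rule names, interfaces and addresses are constructed, matching is limited to source subnet, destination subnet and destination port, and the strategy's interface choice is abstracted to a fixed `egress` value.

```python
import ipaddress
from dataclasses import dataclass

IMPLICIT_RULE = "sd-wan"  # name of the implicit rule, per the text above

@dataclass
class Rule:
    name: str
    src: str       # source subnet (CIDR)
    dst: str       # destination subnet (CIDR)
    ports: range   # destination ports
    egress: str    # interface the rule's strategy would pick (abstracted)

def matches(rule, src_ip, dst_ip, dport):
    return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(rule.dst)
            and dport in rule.ports)

def select_rule(rules, src_ip, dst_ip, dport):
    """Top-to-bottom, first match wins; otherwise the implicit rule."""
    for rule in rules:
        if matches(rule, src_ip, dst_ip, dport):
            return rule.name
    return IMPLICIT_RULE

def covers(earlier, later):
    """True if every flow matching `later` also matches `earlier`."""
    net = ipaddress.ip_network
    return (net(later.src).subnet_of(net(earlier.src))
            and net(later.dst).subnet_of(net(earlier.dst))
            and earlier.ports.start <= later.ports.start
            and later.ports.stop <= earlier.ports.stop)

def shadowed(rules):
    """(rule, shadowing rule) pairs for rules that can never be hit."""
    return [(later.name, earlier.name)
            for i, later in enumerate(rules)
            for earlier in rules[:i] if covers(earlier, later)]

# Constructed sample rule set, in configured order.
RULES = [
    Rule("all-web", "10.0.0.0/8", "0.0.0.0/0", range(80, 444), "wan1"),
    Rule("finance-https", "10.1.20.0/24", "0.0.0.0/0", range(443, 444), "wan2"),
    Rule("dns", "10.0.0.0/8", "0.0.0.0/0", range(53, 54), "wan2"),
]

if __name__ == "__main__":
    print(select_rule(RULES, "10.1.20.5", "203.0.113.10", 443))
    print(select_rule(RULES, "10.1.20.5", "203.0.113.10", 22))
    print(shadowed(RULES))
```

In the sample set, the narrower `finance-https` rule sits below `all-web`, so its traffic leaves through `wan1`; moving the specific rule above the broad one restores the intended path.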