Creating the SD-WAN interface

This recipe provides an example of how to start using SD-WAN for load balancing and redundancy.

In this example, two ISP internet connections (wan1 and wan2) use SD-WAN to balance traffic between them at 50% each.

To configure SD-WAN using the GUI:
  1. On the FortiGate, enable SD-WAN and add interfaces wan1 and wan2 as members:
    1. Go to Network > SD-WAN.
    2. Set the Status to Enable.
    3. Click the plus icon to add members, setting each member's gateway to the corresponding ISP's gateway.

      If IPv6 visibility is enabled in the GUI, an IPv6 gateway can also be added for each member. See Feature visibility for details.

    4. Click Apply to save your settings.
  2. Create a static route with virtual-wan-link enabled:
    1. Go to Network > Static Routes.
    2. Click Create New. The New Static Route page opens.
    3. From the Interface drop-down list, select SD-WAN.
    4. Click OK to save your changes.
  3. Create a firewall policy to allow the traffic:
    1. Go to Policy & Objects > IPv4 Policy.
    2. Click Create New. The New Policy page opens.
    3. For the Incoming Interface, select DMZ.
    4. For the Outgoing Interface, select SD-WAN.
    5. Configure the remaining settings as needed, then click OK to create the policy.

    Outgoing traffic will balance between wan1 and wan2 at a 50:50 ratio.

To configure SD-WAN using the CLI:
  1. On the FortiGate, configure the wan1 and wan2 interfaces:
    config system interface 
        edit "wan1"
            set alias to_ISP1
            set ip 172.16.20.1 255.255.255.0
        next
        edit "wan2"
            set alias to_ISP2
            set ip 10.100.20.1 255.255.255.0
        next
    end
  2. Enable SD-WAN and add the interfaces as members:
    config system virtual-wan-link
        set status enable
        config members
            edit 1
                set interface "wan1"
                set gateway 172.16.20.2
            next
            edit 2
                set interface "wan2"
                set gateway 10.100.20.2
            next
        end
    end
  3. Configure a static route:
    config router static
        edit 1
            set distance 1
            set virtual-wan-link enable
        next
    end
  4. Configure a firewall policy:
    config firewall policy
        edit 2
            set name "VWL"
            set srcintf "dmz"
            set dstintf "virtual-wan-link"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set nat enable
        next
    end
  5. Use a diagnose command to check the state of the SD-WAN:
    # diagnose sys virtual-wan-link member
    Member(1): interface: wan1, gateway: 172.16.20.2, priority: 0, weight: 0
    Member(2): interface: wan2, gateway: 10.100.20.2, priority: 0, weight: 0 
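
The check in step 5 can be scripted. The following is an added example, not part of the original recipe or of Fortinet's tooling: it parses the `diagnose sys virtual-wan-link member` output and compares it with the membership this recipe intends. The function names, the `EXPECTED` table, and the drifted sample output are constructed for illustration.

```python
import re

# Intended SD-WAN membership from this recipe: interface -> ISP gateway.
EXPECTED = {"wan1": "172.16.20.2", "wan2": "10.100.20.2"}

MEMBER_RE = re.compile(
    r"Member\((?P<id>\d+)\):\s*interface:\s*(?P<interface>[^,\s]+),\s*"
    r"gateway:\s*(?P<gateway>[^,\s]+),\s*priority:\s*(?P<priority>\d+),\s*"
    r"weight:\s*(?P<weight>\d+)"
)

def parse_members(output):
    """Return {interface: {id, gateway, priority, weight}} from diagnose output."""
    members = {}
    for m in MEMBER_RE.finditer(output):
        members[m["interface"]] = {
            "id": int(m["id"]),
            "gateway": m["gateway"],
            "priority": int(m["priority"]),
            "weight": int(m["weight"]),
        }
    return members

def audit_members(output, expected=EXPECTED):
    """List deviations between the live member table and the intended one."""
    live = parse_members(output)
    findings = []
    for iface, gw in expected.items():
        if iface not in live:
            findings.append(f"missing member {iface}: no redundancy via this link")
        elif live[iface]["gateway"] != gw:
            findings.append(f"{iface} gateway is {live[iface]['gateway']}, expected {gw}")
    for iface in live:
        if iface not in expected:
            findings.append(f"unexpected member {iface}: unreviewed egress path")
    return findings

# Output as shown in step 5 of the recipe.
RECIPE_OUTPUT = """\
Member(1): interface: wan1, gateway: 172.16.20.2, priority: 0, weight: 0
Member(2): interface: wan2, gateway: 10.100.20.2, priority: 0, weight: 0
"""

# Constructed sample: wan2 is not in the member table and port5 has been added.
DRIFTED_OUTPUT = """\
Member(1): interface: wan1, gateway: 172.16.20.2, priority: 0, weight: 0
Member(3): interface: port5, gateway: 192.0.2.1, priority: 0, weight: 0
"""

if __name__ == "__main__":
    for name, text in (("recipe", RECIPE_OUTPUT), ("drifted", DRIFTED_OUTPUT)):
        print(name, audit_members(text) or "OK")
```
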
