SD-WAN – FortiOS 6.2


SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It allows you to offload internetbound traffic, meaning that private WAN services remain available for real-time and mission critical applications. This added flexibility improves traffic flow and reduces pressure on the network.

SD-WAN platforms create hybrid networks that integrate broadband and other network services into the corporate WAN while maintaining the performance and security of real-time and sensitive applications.

SD-WAN with Application Aware Routing can measure and monitor the performance of multiple services in a hybrid network. It uses application routing to offer more granular control of where and when an application uses a specific service, allowing better use of the overall network.

Some of the key benefits of SD-WAN include:

  • Reduced cost with transport independence across MPLS, 3G/4G LTE, and others. l Improve business application performance thanks to increased availability and agility.
  • Optimized user experience and efficiency with SaaS and public cloud applications.

SD-WAN has 3 objects:

  • SD-WAN interface

Also called members, SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function; up to 255 member interfaces can be configured. See Creating the SD-WAN interface on page 105.

  • Performance-SLA

Also called health-check, performance SLAs are used to monitor member interface link quality, and to detect link failures. They can be used to remove routes, and to reroute traffic when an SD-WAN member cannot detect the server. They can also be used in SD-WAN rules to select the preferred member interface for forwarding traffic. See Performace SLA – link monitoring on page 114.

  • SD-WAN rule

Also called service, SD-WAN rules are used to control path selection. Specific traffic can be dynamically sent to the best link, or use a specific route. There are five modes: l auto: Assign interfaces a priority based on quality. l manual: Assign interfaces a priority manually. l priority: Assign interfaces a priority based on the link-cost-factor quality of the interface. l sla: Assign interfaces a priority based on selected SLA settings. l load-balance: Distribute traffic among all available links based on the load balance algorithm.

This entry was posted in Administration Guides, FortiGate, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “SD-WAN – FortiOS 6.2

  1. Edemar Luccezen

    Hey Mike, how are you?
    I have a question that I don’t know if there is a solution, due to lack of knowledge in SD-WAN.
    I need to have a way to make my MPLS redundant through an IPSEC. I did this with SD-WAN and obitive a certain success, but here a problem arose, due to the poor quality of MPLS, often the traffic is routed to IPSEC; here I need this to happen only in cases of a fall or when the quality is really bad. I also test by making the manual SD-WAN Rules, but there comes the case that sometimes the MPLS runs out of traffic, but the interface remains on, requiring manual intervention. Is there any smart way out for this case?
    thanks in advance


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.