SD-WAN – FortiOS 6.2
SD-WAN
SD-WAN is a software-defined approach to managing Wide-Area Networks (WAN). It allows you to offload internetbound traffic, meaning that private WAN services remain available for real-time and mission critical applications. This added flexibility improves traffic flow and reduces pressure on the network.
SD-WAN platforms create hybrid networks that integrate broadband and other network services into the corporate WAN while maintaining the performance and security of real-time and sensitive applications.
SD-WAN with Application Aware Routing can measure and monitor the performance of multiple services in a hybrid network. It uses application routing to offer more granular control of where and when an application uses a specific service, allowing better use of the overall network.
Some of the key benefits of SD-WAN include:
- Reduced cost with transport independence across MPLS, 3G/4G LTE, and others. l Improve business application performance thanks to increased availability and agility.
- Optimized user experience and efficiency with SaaS and public cloud applications.
SD-WAN has 3 objects:
- SD-WAN interface
Also called members, SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function; up to 255 member interfaces can be configured. See Creating the SD-WAN interface on page 105.
- Performance-SLA
Also called health-check, performance SLAs are used to monitor member interface link quality, and to detect link failures. They can be used to remove routes, and to reroute traffic when an SD-WAN member cannot detect the server. They can also be used in SD-WAN rules to select the preferred member interface for forwarding traffic. See Performace SLA – link monitoring on page 114.
- SD-WAN rule
Also called service, SD-WAN rules are used to control path selection. Specific traffic can be dynamically sent to the best link, or use a specific route. There are five modes: l auto: Assign interfaces a priority based on quality. l manual: Assign interfaces a priority manually. l priority: Assign interfaces a priority based on the link-cost-factor quality of the interface. l sla: Assign interfaces a priority based on selected SLA settings. l load-balance: Distribute traffic among all available links based on the load balance algorithm.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Hey Mike, how are you?
I have a question that I don’t know if there is a solution, due to lack of knowledge in SD-WAN.
I need to have a way to make my MPLS redundant through an IPSEC. I did this with SD-WAN and obitive a certain success, but here a problem arose, due to the poor quality of MPLS, often the traffic is routed to IPSEC; here I need this to happen only in cases of a fall or when the quality is really bad. I also test by making the manual SD-WAN Rules, but there comes the case that sometimes the MPLS runs out of traffic, but the interface remains on, requiring manual intervention. Is there any smart way out for this case?
thanks in advance