Configuring a dedicate link to Office365 traffic

Forum|Forum|5 years ago
April 15, 2021
1 reply
7554 views

HI All,

I am new to Fortinet firewalls. In my scenario I have two WAN links. I need to configure a dedicated WAN link only for Office 365 traffic. How can I do that, Do I need to configure "static internet service routes" or SD WAN? I configured both options in lab environment but it did not work.

I would really appreciate if you can help me on this.

Thank you,

Gayan Samarakoon.

Yurisk

SuperUser

I'll give the direction, details are in the Fortinet docs:

1) Enable SD-WAN, add to it interfaces connecting to the Internet

2) Create SD-WAN rules in which you create a top-most rule with destination set to ISDB objects representing Office365 and route this traffic to the needed interface as highest priority.

gayansaAuthor

New Member

Hi Yuriki,

Thank you for your reply.

Is it possible to let me know detailed steps on configuring SDWAN with Office 365 application control.

Thank you,

Gayansa

sw2090

SuperUser

if you do not want to use sd-wan you could just create a second internet policy that matches all office365 traffic and make sure that it comes before your usual internet policy. Since Policies are exempt top down that would make all traffic to o365 hit that policy only.

if you use sdwan you cannot do this way since you no longer can access the physical wan interfaces in policies once they are members of the sd-wan.

In this case you have to do it the way Yurisk wrote.

Sd-wan config is rather easy. Just enable it and add your WAN interfaces to itl. If you have WAN with static ip setup on the FGT interface make sure to also add the gw in sd-wan.

I'd also recommend to set up some health check for sd-wan.

then change all internet policies to use sd-wan as dest interface.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded