brainer
New Member
April 24, 2020
Question

Fortigate Traffic flow SD WAN

Hello Community,

I have a question about traffic flow in SD-WAN. In which order are the firewall policy, SD-WAN policy, and traffic shaping handled?

Best Regards,

Bernhard

1 reply

Toshi_Esumi
SuperUser
April 24, 2020

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-life-of-packet/lop-packet-flow-ingress-egress.htm

This is the closest I could find in my online search. Looks like SD-WAN is processed as a part of routing (basically policy routes). Then multiple phases (components) of policy are examined in the following phases. Traffic shaping decisions seem to come up almost at the end before sending into the protocol stack.

localhost
Visitor III
April 25, 2020

Yes - The 'life of packet' document is most likely what you were looking for.

SD-WAN rules are basically fancy policy routes.

Routing order looks like this.

1. Policy routing lookup

2. SD-WAN routing lookup

3. FIB routing lookup (routes from routing protocols, static routes, connected interfaces)

If a valid route entry was found, it looks up and applies the matching firewall policy.

If the FortiGate is unable to find a matching policy, the packet is dropped.
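Added example, not part of any post in this thread and not Fortinet code: a small Python model of the lookup order described in the reply above, showing how an earlier stage shadows a later one and how a routed packet is still dropped without a matching policy. All tables, interface names and addresses are constructed; top-down first match for policy routes and SD-WAN rules, longest-prefix match for the FIB, and the drop when no route exists are assumptions of this model.

```python
import ipaddress

# Constructed sample tables (not from a real device): (destination prefix, egress interface).
POLICY_ROUTES = [("10.50.0.0/16", "mpls1")]
SDWAN_RULES = [("10.50.0.0/16", "wan2"), ("203.0.113.0/24", "wan1")]
FIB = [("0.0.0.0/0", "wan1"), ("192.168.20.0/24", "dmz")]
# Firewall policies: (srcintf, dstintf, action), consulted only after a route is found.
FIREWALL_POLICIES = [("lan", "wan1", "accept"), ("lan", "mpls1", "accept")]


def _first_match(table, dst):
    """Egress interface of the first entry containing dst (assumed top-down order)."""
    for prefix, egress in table:
        if dst in ipaddress.ip_network(prefix):
            return egress
    return None


def _longest_prefix(table, dst):
    """Egress interface of the most specific FIB entry containing dst."""
    hits = [(ipaddress.ip_network(p), e) for p, e in table
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def forward(src_intf, dst_ip):
    """Return (stage, egress, verdict) for one packet, in the order given in the post."""
    dst = ipaddress.ip_address(dst_ip)
    stages = [
        ("policy-route", lambda: _first_match(POLICY_ROUTES, dst)),
        ("sd-wan", lambda: _first_match(SDWAN_RULES, dst)),
        ("fib", lambda: _longest_prefix(FIB, dst)),
    ]
    for stage, lookup in stages:
        egress = lookup()
        if egress is None:
            continue  # no entry at this stage: fall through to the next lookup
        for s, d, action in FIREWALL_POLICIES:
            if (s, d) == (src_intf, egress):
                return stage, egress, action
        return stage, egress, "drop"  # route found, but no matching policy
    return None, None, "drop"  # assumption: no route at all also means drop


if __name__ == "__main__":
    for dst in ("10.50.1.1", "203.0.113.9", "192.168.20.5", "8.8.8.8"):
        print(dst, forward("lan", dst))
```

In the sample data `10.50.0.0/16` appears in both the policy route and SD-WAN tables, so the policy route's `mpls1` wins and the SD-WAN rule's `wan2` is never consulted for that destination.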