SD-WAN rules in conjunction with Security Policy "any" interface condition

Forum|Forum|1 year ago
March 3, 2025
1 reply
489 views

Hi All,

I am trying to find information if we can use "any" as source and destination interface in the security rules which are allowing traffic that will be routed base on the SD-WAN rules via the respective members of the SD-WAN zone, or it is mandatory to specify the zone in the the security policy.

Thank you!

JonasV

Explorer

Hi @AtanasBal

Your IPv4 policies (if this is what you reference to as security rules) can have both sec. and dst. interface as any if you like. The IPv4 policies are for policing the traffic, not routing og traffic stearing.

However if you already know that traffic will egress your SD-WAN zone, I would have defined it in my IPv4 policy as dst.

You might have to “unlock” the any interface option in the feature visibility menu of the FGT GUI.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded