Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

NormanSnowden
New Contributor

Routing Traffic through SD-WAN

Have a fortiGate device with two different ISPs connected via SD-WAN.   I would like to route all social media traffic (netflix, hbo, facebook, etc...) out the ISP connected that has less bandwidth and keep the faster pipe for work related items.   However, if anyone of the connections goes down...automatically route all traffic out the "up" connection.

How do you use policy route to route the social media traffic out the slower pipe?

3 REPLIES 3
YohaDAVI
New Contributor

Hello,

From my point of view, you can't do it easier.

What is your FortiOS ?

Since FortiOS 5.6, you can make policy routing based on FQDN (be carefull, FQDN only and not wildcard FQDN). Maybe check is needed if you can do it based on "internet services" on FortiOS 6.X (not possible in 5.6).

Best regards,
Yohann
KirtAnto
New Contributor II

Hi Norman,

Under "Network" >> "SDWAN Rules" you can specify rules based on Protocol and Service Type, or you can specify based on "Internet services" like Amazon AWS, Facebook-web, Facebook-watsapp etc. For each rule you can specify the WAN interface to access the internet. ie you can specify which all services can be access through each interface.

A user can be made to access Microsoft Outlook through WAN1 and Facebook through WAN2 with SDWAN Rules.  This may serve your purpose. So checkout SD WAN Rules before Policy routes.

Check out
https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/SD-WAN/Configuring_SD-WAN_rules.htm

------------------------------
Regards,
Kirthy
------------------------------
-------------------------------------------
Original Message:
Sent: 04-05-2019 01:29
From: Norman Snowden
Subject: Routing Traffic through SD-WAN

Have a fortiGate device with two different ISPs connected via SD-WAN.   I would like to route all social media traffic (netflix, hbo, facebook, etc...) out the ISP connected that has less bandwidth and keep the faster pipe for work related items.   However, if anyone of the connections goes down...automatically route all traffic out the "up" connection.

How do you use policy route to route the social media traffic out the slower pipe?
Regards, Kirthy
Regards, Kirthy
rmoussa
Contributor

SDWAN rules are the solution, you can specify policy routes based on applications to achieve your needs.

Regards
Rony

------------------------------
Rony Moussa
Fortinet NSE Certified: Level 8
------------------------------
Rony Moussa
Fortinet NSE Certified: Level 8
Rony MoussaFortinet NSE Certified: Level 8