| Description | This article describes the option to enable application steering in the SD-WAN rules. |
| Scope | FortiGate v7.2 and above. |
| Solution |
To use application detection as a criterion in SD-WAN rules, it is possible to use application signatures from FortiGuard's predefined application signature database, create application groups, or use application categories.
Application categories classify applications based on FortiGuard-defined categories (for example: Business, Game, Social Media). Adding application categories to the SD-WAN rule destination is supported starting with v7.2.1. It is also possible to create application groups to add multiple application signatures from different categories.
By default, applications and application groups are not available for selection in SD-WAN rules. To enable SD-WAN application steering from the FortiGate GUI, go to System -> Feature Visibility and enable Application Detection-Based SD-WAN. If VDOMs are enabled, the same option can be enabled on the Global VDOM.
If the option is not available from the GUI, enable it via CLI using the following commands:
config system global
    set gui-app-detection-sdwan enable
end
(Screenshots in the original article: before and after enabling application detection.)
To view the available application signatures and application categories, go to Security Profiles > Application Signatures.
Note: Application control must be enabled in the firewall policy for SD-WAN application-based steering to work.
Related article: Technical Tip: Steer the Application traffic with SD-WAN rule |
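The note about application control is the dependency most easily missed in a config review. The following check is an added example, not Fortinet code or part of the original article: it reads a FortiOS config backup and lists firewall policies toward an SD-WAN zone that have no application list while application-based SD-WAN rules exist. The setting names `internet-service-app-ctrl*`, `dstintf` and `application-list` and the table layout are assumptions about the backup format, and the sample config is constructed.

```python
# Constructed FortiOS-style config excerpt; names and the category ID are sample values.
SAMPLE = """\
config system sdwan
    config zone
        edit "virtual-wan-link"
        next
    end
    config service
        edit 1
            set internet-service-app-ctrl-category 23
        next
    end
end
config firewall policy
    edit 10
        set dstintf "virtual-wan-link"
        set application-list "default"
    next
    edit 11
        set dstintf "virtual-wan-link"
    next
end
"""

def parse(text):
    """Map each config table path to {entry id: {setting: value}}."""
    tables, stack, entry = {}, [], None
    for line in text.splitlines():
        w = line.split(None, 2) or [""]
        if w[0] == "config":            # entering a (possibly nested) table
            stack.append((line.strip()[7:], entry))
            entry = None
        elif w[0] == "end":             # leave table, resume the enclosing entry
            entry = stack.pop()[1]
        elif w[0] == "edit":
            table = tables.setdefault(" > ".join(n for n, _ in stack), {})
            entry = table.setdefault(w[1].strip('"'), {})
        elif w[0] == "set" and entry is not None and len(w) == 3:
            entry[w[1]] = w[2].replace('"', "")
    return tables

def audit(text):
    """Return (IDs of app-based SD-WAN rules, IDs of SD-WAN policies with no application-list)."""
    t = parse(text)
    rules = [rid for rid, r in t.get("system sdwan > service", {}).items()
             if any(k.startswith("internet-service-app-ctrl") for k in r)]
    zones = set(t.get("system sdwan > zone", {}))
    gaps = [pid for pid, p in t.get("firewall policy", {}).items()
            if zones & set(p.get("dstintf", "").split()) and "application-list" not in p]
    return rules, (gaps if rules else [])
```

Running `audit(SAMPLE)` reports rule 1 as application-based and policy 11 as the one that would carry SD-WAN traffic without application control.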