kaman
Article Id 374271
Description

This article describes the challenge of adding a new WAN ISP interface (a non-SD-WAN member) to the default static route when an SD-WAN zone is already configured.

 

Scope

FortiGate.

 

Solution

An SD-WAN zone has already been configured with WAN1 and WAN2 as members, and a default static route has been created that points to the SD-WAN zone.

The error in the image below arises when adding the new WAN interface Port6 to the default static route.

[Image: sdwan-new1.png]


By design, a default route cannot be applied to SD-WAN members and non-SD-WAN members at the same time.

For example, if WAN1 and WAN2 carry the 0.0.0.0/0 route through SD-WAN, the same default route cannot also be configured through PortX as a standalone (non-SD-WAN) interface.

The proper approach is to make PortX a member of the SD-WAN zone and steer traffic to it with SD-WAN rules (services). See: Redundant Internet with SD-WAN.

Note:

In newer FortiOS releases, a separate SD-WAN zone can be created with Port6 as its member, and that zone can then be added to the static route configuration.


[Image: sdwan-two-static.png]

If each default route uses its own dedicated interface, any number of default routes can be added, as shown below.

Both port1 and port2 are part of the SD-WAN zone.

[Image: Screenshot 2025-03-05 134809.png]
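As an added example (not taken from the original article), the following FortiOS CLI configuration shows the recommended layout: wan1 and wan2 stay in the default SD-WAN zone, port6 is placed in its own zone so that a second default route can reference it, and an SD-WAN service rule steers one internal subnet out via port6. The interface names, the gateway addresses (documentation ranges) and the Guest_LAN address object are assumed.

```text
# Assumed: wan1, wan2 and port6 exist and port6 is not yet referenced by
# any firewall policy or static route (FortiOS refuses to add an interface
# that is still referenced as an SD-WAN member).
config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"     # default zone, already holds wan1/wan2
        next
        edit "isp3-zone"            # new zone dedicated to the third ISP
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "virtual-wan-link"
            set gateway 203.0.113.1      # constructed ISP1 gateway
        next
        edit 2
            set interface "wan2"
            set zone "virtual-wan-link"
            set gateway 198.51.100.1     # constructed ISP2 gateway
        next
        edit 3
            set interface "port6"
            set zone "isp3-zone"
            set gateway 192.0.2.1        # constructed ISP3 gateway
        next
    end
    config service
        edit 1
            set name "guest-via-isp3"    # steer a subnet to port6 explicitly
            set mode manual
            set src "Guest_LAN"          # assumed firewall address object
            set dst "all"
            set priority-members 3       # member 3 = port6
        next
    end
end

# Two default routes: one per SD-WAN zone. The second route is what the
# article's "new SD-WAN zone with Port6" note refers to; a non-member port6
# could not be added here alongside the SD-WAN route.
config router static
    edit 1
        set dst 0.0.0.0/0
        set sdwan-zone "virtual-wan-link"
    next
    edit 2
        set dst 0.0.0.0/0
        set sdwan-zone "isp3-zone"
    next
end
```

After applying this, check the result with `get router info routing-table all`; both zones should appear as equal-cost default route candidates, and traffic matching the service rule will leave via port6.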