ssteo
Staff

Description


This article describes FortiGate source-ping using SD-WAN rules.

Solution


The FortiGate has 2 WAN links, PORT1 and PORT2.
One IPsec tunnel is used for the test.



 
 
There is one SD-WAN rule and no performance SLA.
 
 
 
 
There is one default route.
 
 

 
 
The FortiGate LAN interface is PORT3, with IP address 10.225.1.220/22.
 
 
 
 
The ping source IP is configured as 10.225.1.220, and a ping from the FortiGate to 10.226.1.254 fails. 10.226.1.254 is a PC on the IPsec LAN.
 
 

 
 

 
 
A ping from a LAN PC succeeds because that traffic uses the SD-WAN rule.
 
 
 
 
 
 
In the FortiGate CLI, for the interface IP 10.225.1.220 to be able to ping the remote 10.226.1.254, 'use-sdwan' must be set to 'yes' under 'ping-options'.
 
The FortiGate is then able to ping 10.226.1.254. The failure is therefore not related to the performance SLA, only to the ping option on the FortiGate.
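
The source-ping test described above, written out as a FortiOS CLI sequence. This is an added example, not output captured from the original article; it uses the addresses given in the article, and the lines starting with `#` are annotations rather than commands.

```text
# Set the source address of the FortiGate-originated ping to the PORT3 (LAN) IP
execute ping-options source 10.225.1.220
# Have the locally originated ping follow the SD-WAN rule
execute ping-options use-sdwan yes
# Confirm the ping options now in effect for this CLI session
execute ping-options view-settings
# Test reachability of the PC on the IPsec LAN
execute ping 10.226.1.254
# After testing, return the ping options to their defaults
execute ping-options reset
```

Resetting the options afterwards keeps later troubleshooting pings from silently inheriting the source IP and SD-WAN setting used for this test.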