Description
This article explains how to avoid misrouting on an SD-WAN whose WAN member interfaces each have their own NAT pool, by associating each IP pool with its corresponding physical interface.
Solution
Create both IP pool objects at Policy & Objects -> IP Pools.
Add these two IP pools to the firewall policy that gives users access to the Internet via the SD-WAN:
- Go to Policy & Objects -> IPv4 Policy.
- Create or edit the corresponding policy and, in the Firewall/Network Options, enable the NAT option.
- In the IP Pool Configuration, select 'Use Dynamic IP Pool' and add the two IP pools created previously.
Via CLI only: to associate each of the IP pools used in the firewall policy with its corresponding physical interface, open a CLI session and type:
    # config firewall ippool
        edit <IP_Pool_1>
            set associated-interface <portX>
        next
        edit <IP_Pool_2>
            set associated-interface <portY>
        next
    end

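To confirm the setting is in place, the following Python check (an added example, not part of the original article or Fortinet tooling) reads a configuration backup and reports every firewall policy that uses more than one IP pool where a pool has no `set associated-interface` line. The sample backup excerpt, pool names and port names are constructed and trimmed to the options the check reads; the parser assumes the two sections contain no nested config blocks.

```python
import shlex

# Constructed FortiOS backup excerpt (sample data, not from the article).
SAMPLE_CONFIG = '''
config firewall ippool
    edit "pool_wan1"
        set associated-interface "port1"
    next
    edit "pool_wan2"
    next
end
config firewall policy
    edit 1
        set dstintf "virtual-wan-link"
        set ippool enable
        set poolname "pool_wan1" "pool_wan2"
    next
end
'''

def parse_section(config, header):
    """Return {entry: {option: [values]}} for one flat top-level config block."""
    entries, current, inside = {}, None, False
    for raw in config.splitlines():
        line = raw.strip()
        if not inside:
            inside = line == header   # skip everything before the section
            continue
        words = shlex.split(line) or [""]
        if words[0] == "end" and current is None:
            break                     # end of the section itself
        if words[0] == "edit":
            current = entries.setdefault(words[1], {})
        elif words[0] == "next":
            current = None
        elif words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
    return entries

def unbound_pools(config):
    """Map policy ID -> pools it uses that lack 'set associated-interface'."""
    pools = parse_section(config, "config firewall ippool")
    findings = {}
    for policy_id, opts in parse_section(config, "config firewall policy").items():
        names = opts.get("poolname", [])
        missing = [n for n in names if "associated-interface" not in pools.get(n, {})]
        if len(names) > 1 and missing:
            findings[policy_id] = missing
    return findings
```

On the constructed sample, `unbound_pools(SAMPLE_CONFIG)` flags policy 1 because `pool_wan2` is not yet tied to an interface.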