Technical Tip: How to change sequence of SD-WAN rules using CLI

sbhupinder · ‎11-27-2022

Description

This article describes how to change the sequence of SD-WAN rules using CLI.

Scope

FortiGate.

Solution

There are three SD-WAN rules in the following sequence.

Rule 1 - google_wan

Rule 2 - comcast_wan

Rule 3 - youtube

FGT # config system sdwan

FGT(sdwan) # config service

FGT(service) # show

config service

edit 1

set name "google_wan"

set dst "FIREWALL_AUTH_PORTAL_ADDRESS"

set src "FABRIC_DEVICE"

set users "guest"

set priority-zone "virtual-wan-link"

set name "comcast_wan"

set dst "FABRIC_DEVICE"

set src "all"

set users "guest"

set priority-zone "virtual-wan-link"

set name "youtube"

set dst "all"

set src "gmail.com"

set priority-zone "virtual-wan-link"

Now using the Move command, it will bring YouTube SD-WAN rule above the comcast_wan SD-WAN rule.

FGT# config system sdwan

FGT(sdwan) # config service

FGT(service) # move 3 before 2

FGT(service) # end

Result:

The YouTube rule which was at the bottom earlier is now above the rule comcast_wan.

Artorias-kvm23 (sdwan) # config service

Artorias-kvm23 (service) # show

config service

edit 1

set name "google_wan"

set dst "FIREWALL_AUTH_PORTAL_ADDRESS"

set src "FABRIC_DEVICE"

set users "guest"

set priority-zone "virtual-wan-link"

set name "youtube"

set dst "all"

set src "gmail.com"

set priority-zone "virtual-wan-link"

set name "comcast_wan"

set dst "FABRIC_DEVICE"

set src "all"

set users "guest"

set priority-zone "virtual-wan-link"

Other possibilities of move command using a ? after the command as shown below.

FGT (service) # move ?

*id SD-WAN rule ID (1 - 4000).

1 google_wan

3 youtube

2 comcast_wan

FGT (service) # move 3 ?

after <----- Move after.

before <----- Move before.

Technical Tip: How to change sequence of SD-WAN rules using CLI

Description

Scope

Solution

You are leaving our website