Description
This article describes how to change the sequence of SD-WAN rules using the CLI.
Scope
FortiGate.
Solution
In this example, there are three SD-WAN rules in the following sequence:
Rule 1 - google_wan
Rule 2 - comcast_wan
Rule 3 - youtube
FGT # config system sdwan
FGT(sdwan) # config service
FGT(service) # show
config service
    edit 1
        set name "google_wan"
        set dst "FIREWALL_AUTH_PORTAL_ADDRESS"
        set src "FABRIC_DEVICE"
        set users "guest"
        set priority-zone "virtual-wan-link"
    next
    edit 2
        set name "comcast_wan"
        set dst "FABRIC_DEVICE"
        set src "all"
        set users "guest"
        set priority-zone "virtual-wan-link"
    next
    edit 3
        set name "youtube"
        set dst "all"
        set src "gmail.com"
        set priority-zone "virtual-wan-link"
    next
end
Use the move command to place the youtube SD-WAN rule above the comcast_wan SD-WAN rule.
FGT# config system sdwan
FGT(sdwan) # config service
FGT(service) # move 3 before 2
FGT(service) # end
Result:
The youtube rule, which was previously at the bottom, is now above the comcast_wan rule.
Artorias-kvm23 (sdwan) # config service
Artorias-kvm23 (service) # show
config service
    edit 1
        set name "google_wan"
        set dst "FIREWALL_AUTH_PORTAL_ADDRESS"
        set src "FABRIC_DEVICE"
        set users "guest"
        set priority-zone "virtual-wan-link"
    next
    edit 3
        set name "youtube"
        set dst "all"
        set src "gmail.com"
        set priority-zone "virtual-wan-link"
    next
    edit 2
        set name "comcast_wan"
        set dst "FABRIC_DEVICE"
        set src "all"
        set users "guest"
        set priority-zone "virtual-wan-link"
    next
end
To see the other options of the move command, enter ? after the command, as shown below.
FGT (service) # move ?
*id SD-WAN rule ID (1 - 4000).
1 google_wan
3 youtube
2 comcast_wan
FGT (service) # move 3 ?
after <----- Move after.
before <----- Move before.
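After a move, the edit IDs no longer reflect position (1, 3, 2 in the result above), so the sequence has to be read from the listing itself. The following Python helper is an added example, not part of the original article or Fortinet tooling: it reads `show` output, returns the rules in listed order, and generates the `move <id> before <id>` commands needed to reach an intended order, so a change can be reviewed before it is applied and verified afterwards. The function names and the trimmed sample listing are constructed for illustration.

```python
import re

# Constructed sample: trimmed `show` output as it appears after `move 3 before 2`.
SAMPLE_SHOW = '''config service
    edit 1
        set name "google_wan"
    next
    edit 3
        set name "youtube"
    next
    edit 2
        set name "comcast_wan"
    next
end
'''

def parse_rule_order(show_output):
    """Return [(id, name), ...] in listed order; nested config tables are ignored."""
    rules, depth = [], 0
    for raw in show_output.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1:  # only entries directly under `config service`
            m = re.fullmatch(r"edit (\d+)", line)
            if m:
                rules.append([int(m.group(1)), None])
            m = re.fullmatch(r'set name "(.*)"', line)
            if m and rules:
                rules[-1][1] = m.group(1)
    return [tuple(r) for r in rules]

def plan_moves(current_ids, desired_ids):
    """Return `move X before Y` commands that turn the current order into the desired one."""
    if sorted(current_ids) != sorted(desired_ids):
        raise ValueError("desired order must contain exactly the existing rule IDs")
    order, cmds = list(current_ids), []
    # Work bottom-up: each rule only needs to sit directly above its successor.
    for i in range(len(desired_ids) - 2, -1, -1):
        rule, successor = desired_ids[i], desired_ids[i + 1]
        if order.index(rule) + 1 == order.index(successor):
            continue  # already in place
        order.remove(rule)
        order.insert(order.index(successor), rule)
        cmds.append(f"move {rule} before {successor}")
    return cmds
```

For the article's case, `plan_moves([1, 2, 3], [1, 3, 2])` yields the single command `move 3 before 2`, and running `parse_rule_order` on the post-change listing confirms the order 1, 3, 2.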