FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Patterson, Staff
Article Id 231066
Description

This article describes how, starting with FortiGate version 7.2, an SD-WAN rule can be created for an application category; in earlier versions each application had to be added to the rule individually.

Pre-Requisite

An internet link added as an SD-WAN member, and a firewall policy with an application control profile applied (application control is what identifies the application traffic that the SD-WAN rule matches).

Solution

1) Create an SD-WAN rule.

2) Select Destination.

The Internet service / application option of the rule has to be enabled from the CLI first, so when creating the rule in the GUI define the destination address as 'all' or any specific address entry.

3) Select OK.

4) Select 'CLI'.

5) Via the CLI, enable Internet service on the rule as mentioned, then specify an application or application category; set category 5 for Video/Audio.

6) Other category IDs are also available, as listed in the CLI.

7) Select SD-WAN to refresh the page.

8) The changes made in the CLI are now visible in the GUI.

9) Open the rule again if more applications or categories need to be added.

10) Validate the traffic flow.

Once traffic is initiated from the client PC, confirm under FortiView > Applications that it is matched.

11) Select the entry to highlight it.

12) Select Destination Interface to view the outgoing interface.

13) In the CLI, a dynamic entry is created for the matching application together with its destination IP.

14) This can be verified in the CLI as shown below.

Two session outputs are listed for the same destination IP: only the web access matches the SD-WAN rule, while the ping traffic follows the default flow.
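
The CLI side of the procedure above, written out as an added example rather than taken from the article's screenshots: the rule name, service ID, member sequence number and server address are assumptions, and the diagnose commands are the ones FortiOS 7.2 provides as far as I know (confirm with `?` on the unit).

```fortios
# Added example (not from the article): SD-WAN rule matching the
# Video/Audio application category (ID 5), FortiOS 7.2 syntax.
# Assumed values: service ID 1, rule name, member seq-num 1, server IP.
config system sdwan
    config service
        edit 1
            set name "video-audio-out"
            set mode manual
            # Enable Internet service matching first; the category
            # option is only accepted once this is enabled.
            set internet-service enable
            # Category 5 = Video/Audio. Typing
            #   set internet-service-app-ctrl-category ?
            # lists the other available category IDs.
            set internet-service-app-ctrl-category 5
            # Preferred SD-WAN member (seq-num of the internet link).
            set priority-members 1
        next
    end
end

# Verification once a client has started matching traffic:
# dynamic application/destination-IP entries learned for the rule.
diagnose sys sdwan internet-service-app-ctrl-list

# Sessions towards the destination: the web session should reference
# the SD-WAN service (rule) ID, while ping follows the default flow.
diagnose sys session filter dst 203.0.113.10   # assumed server IP
diagnose sys session list
diagnose sys session filter clear
```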

 

Related document: