To find the SD-WAN rule that is used in a particular session, it is recommended to apply a filter to match the session in the session list.
See Troubleshooting Tip: FortiGate session table information for more information about different ways to apply a session filter.

In this example, the filter used is by Source IP 192.168.7.2. Enter the following commands to find the matching session:

diag sys session filter src 192.168.7.2
diag sys session list

The output will display all of the sessions with source IP 192.168.7.2. In the current example, the following output appears:

session info: proto=6 proto_state=01 duration=61 expire=3538 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty
statistic(bytes/packets/allow_err): org=314/4/1 reply=1586/3/1 tuples=2
tx speed(Bps/kbps): 5/0 rx speed(Bps/kbps): 25/0
orgin->sink: org pre->post, reply pre->post dev=4->9/9->4 gwy=10.9.15.254/192.168.7.2
hook=post dir=org act=snat 192.168.7.2:49790->192.229.211.108:80(10.9.11.249:49790)
hook=pre dir=reply act=dnat 192.229.211.108:80->10.9.11.249:49790(192.168.7.2:49790)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=7 pol_uuid_idx=14769 auth_info=0 chk_client_info=0 vd=0
serial=0014581f tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=4 sdwan_service_id=3
rpdb_link_id=ff000003 ngfwid=n/a
npu_state=0x000100
no_ofld_reason: npu-flag-off

The useful information in the output for the SD-WAN rule and the member is sdwan_mbr_seq=4 sdwan_service_id=3.

This means that SD-WAN member #4 and SD-WAN service ID #3 were used for traffic.

The SD-WAN Service ID is the SD-WAN rule number. In this example, it is possible to find the Service ID in the 'ID' section of SD-WAN Rules as shown below:

config system sdwan

    config service
        edit 3
            set name Internet
            set dst "all"
            set src "all"
            set priority-members 1
        next
    end
end

To find the member, run the following command:

config sys sdwan
config members
show

The following output will be seen:

In the above output, port 7 has a member sequence of 4.

Another useful command to check which SD-WAN rule will be matched for specific traffic is as follows:

diagnose ip proute match <destination ip> <source ip> <incoming interface> <proto> <destination port number>

For example:

diagnose ip proute match 8.8.8.8 192.168.1.111 internal1 6 443
dst=8.8.8.8 src=192.168.1.111 smac=00:00:00:00:00:00 iif=8 protocol=6 dport=443
id=7f000002 type=SDWAN
seq-num=2 oif=5(wan1)

Checking the SD-WAN Rules hierarchy in the GUI will reveal which rule was matched [ID number 2]: