Technical Tip: How to use SD-WAN rule input-device

syao · ‎10-10-2024

Description

This article describes how to use the SD-WAN rule input-device feature so that the SD-WAN rule would only take effect if the incoming traffic hits the specific interface.

Scope

FortiGate v6.4, v7.0, v7.2, v7.4, v7.6.

Solution

In the following diagram, FortiGate will route the traffic of PC1 to ISP1 and the traffic of PC2 to ISP2 using an SD-WAN input-device.

Create SDWAN rule for both PC1 and PC2:

config sys sdwan
config service
edit 1
set name "To_ISP1"
set input-device "port3"
set dst "all"
set src "all"
set priority-members 1
next
edit 2
set name "To_ISP2"
set input-device "port4"
set dst "all"
set src "all"
set priority-members 2
next
end
end

Make sure that there is a firewall policy allowing the traffic referencing the SD-WAN zone:

config firewall policy
edit 1
set name "Allow_INTERNET"
set uuid 0b74477c-86b3-51ef-70d8-fffc8b0f577d
set srcintf "port3" "port4"
set dstintf "virtual-wan-link"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end

Verification for PC#1:

Verification for PC#2:

Technical Tip: How to use SD-WAN rule input-device

You are leaving our website