Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cravikumar
Staff
Staff

Created on ‎08-24-2024 05:53 AM

Article Id 336024

Technical Tip: Limit the traffic to only one SD-WAN interface

Description This article describes how to force traffic through only one SD-WAN member and drop if that interface is down/unavailable. In this example, there are two WAN interfaces (port1 and port2), and Netflix traffic is sent only through port2 and if the port2 goes down, the traffic will be dropped. 
Scope FortiGate.
Solution

Step 1: Split WAN ports into two separate zones. Firewall policies for SD-WAN traffic must reference SD-WAN zones and not individual members.

 

1.PNG

 

Step 2: Create an SD-WAN rule to steer Netflix traffic through the port2 interface. 

 

image (21).png

 

Step 3: Create a firewall policy to block Netflix traffic through the port1 interface.

 

image (22).png

 

Verification:

 

Step 4: Now, test the connection.

 

image (23).png

 

Traffic is routed via port2.

 

Step 5: Bring down the port2 interface.

 

image (25).png

 

Step 6: Check again.

 

image (24).png

 

When port2 is down, the traffic is dropped.
Labels:
345
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.