Umer221
Staff
Article Id 276305
Description
This article describes how to consistently route a designated device via a chosen WAN interface, even though the SD-WAN setup spans both WAN1 and WAN2.

Scope
FortiOS
Solution

To route a specific device through WAN2 utilizing FortiGate's SD-WAN feature, follow the steps outlined below:


Step 1: Understand the requirements.

  • Assume the goal is to route the SMB server through WAN2, even though there is an SD-WAN configuration for both WAN1 and WAN2.

Step 2: Define SMB Server Address

  • Navigate to Policy & Objects -> Addresses -> Create New -> Address.
  • Create an address for the SMB server.

Step 3: Set Up SD-WAN Rule for SMB Server

  • Go to Network -> SD-WAN -> SD-WAN Rules.
  • Click on 'Create New' or 'Add'.
  • Configure the Rule:
    • Source: Set to the IP address of the SMB server.
    • Incoming Interface: The internal (LAN) interface.
    • Destination: Set to 'ALL' or as desired.
    • Protocol: Set to 'ALL' or as desired.
    • Outgoing Interface: Set to 'WAN2'.
  • Position the new rule to ensure it takes precedence, either at the top or above any other rule that might match the SMB server's traffic.

Step 4: Define Firewall Policy for SMB Server

  • Navigate to Policy & Objects -> IPv4 Policy.
  • Create a New Policy:
    • Incoming Interface: The internal (LAN) interface.
    • Outgoing Interface: virtual-wan-link.
    • Source: Address -> Select the SMB server's address defined earlier.
    • Destination: All or as desired.
    • Schedule: Always.
    • Service: ALL or specific services if desired.
    • Action: ACCEPT.
    • NAT: Enable.
  • Ensure this policy is placed correctly in the policy order.
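The CLI equivalent of Steps 2 to 4, as an added example that is not part of the original article. The object name SMB-Server, the host address 192.168.1.10, the LAN interface name internal and the SD-WAN member sequence number 2 for WAN2 are assumptions; confirm the member numbers with `show system sdwan` on the unit before applying.

```fortios
# Added example: CLI equivalent of Steps 2-4 (not from the original article).
# Assumed values: address object "SMB-Server" = 192.168.1.10, LAN interface
# "internal", and WAN2 is SD-WAN member seq-num 2 (verify under
# "show system sdwan" -> "config members").

# Step 2: address object for the SMB server (single host).
config firewall address
    edit "SMB-Server"
        set subnet 192.168.1.10 255.255.255.255
    next
end

# Step 3: manual SD-WAN rule that pins the server's traffic to member 2 (WAN2).
# Rules are evaluated top-down; "edit 1" assumes no rule with that ID exists yet.
# If broader rules already exist, place this one above them with
# "move 1 before <existing-rule-id>" inside "config service".
config system sdwan
    config service
        edit 1
            set name "SMB-via-WAN2"
            set mode manual
            set input-device "internal"
            set src "SMB-Server"
            set dst "all"
            set priority-members 2
        next
    end
end

# Step 4: policy from the LAN to the SD-WAN zone, restricted to this source.
# "edit 0" lets FortiOS assign the next free policy ID. Narrow dstaddr and
# service to what the server actually needs rather than leaving them at "all".
config firewall policy
    edit 0
        set name "SMB-Server-Out"
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set srcaddr "SMB-Server"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```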

Step 5: Testing the Configuration

  • After configuring, test the setup by running the following debug commands (the address filter limits the flow trace to the SMB server's traffic):

    dia deb res
    dia deb dis
    dia deb flow filter addr <SMB server's IP address>
    dia deb flow trace start 100
    dia deb en

  • Additionally, from the SMB server, try accessing the internet and monitor the FortiGate logs or the SD-WAN performance SLA monitor. Make sure the SMB server's traffic is routed via WAN2.