Description
This article describes how an SD-WAN rule selects the egress interface when the manual interface-selection strategy is used.
Scope
FortiGate.
Solution
On the FortiGate, PORT 1 and PORT 2 connect to the two ISPs, and PORT 3 carries the LAN traffic.
PORT 1 - 10.47.2.32
PORT 2 - 10.47.18.32
Test machine IP - 10.119.3.61
Here is the SD-WAN Rule setup.
Because PORT 1 is listed above PORT 2 in the rule's interface preference, the expected behavior is that when the SD-WAN rule matches, traffic from 10.119.3.61 destined for the internet is routed out through PORT 1.
If PORT 2 is instead placed above PORT 1 in the rule's interface preference, the expected behavior is that PORT 2 is used to perform NAT for the outgoing internet traffic.
Here is the forward traffic log showing that PORT 2 is used to translate the outgoing traffic.
Now, if PORT 2 goes down, PORT 1 will be used to perform NAT for the outgoing traffic, despite PORT 2 being ranked above it.
To test this, PORT 2 has been disabled.
Here is the screenshot showing that the PORT 1 IP is used to NAT the outgoing traffic.
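The scenario tested above, written out as FortiOS CLI configuration. This is an added example, not configuration from the article; it assumes FortiOS 7.x syntax, uses placeholders for the ISP gateway addresses (not given in the article), and the address object and policy names are invented.

```fortios
# Added example (not from the article): manual SD-WAN rule preferring port2 over port1.
# Assumptions: FortiOS 7.x syntax; gateway addresses are placeholders;
# the address object name "test-machine" and policy name are invented.
config firewall address
    edit "test-machine"
        set subnet 10.119.3.61 255.255.255.255
    next
end
config system sdwan
    set status enable
    config members
        edit 1
            set interface "port1"
            set gateway <PORT1-ISP-GATEWAY>
        next
        edit 2
            set interface "port2"
            set gateway <PORT2-ISP-GATEWAY>
        next
    end
    config service
        edit 1
            set name "SDWANRULE"
            set mode manual
            set src "test-machine"
            set dst "all"
            # The member order is the interface preference: member 2 (port2)
            # is tried first; member 1 (port1) is used only when port2 is down.
            set priority-members 2 1
        next
    end
end
# Outbound policy that performs the NAT; the member the rule selects
# determines which ISP address the traffic is translated to.
config firewall policy
    edit 1
        set name "LAN-to-Internet"
        set srcintf "port3"
        set dstintf "virtual-wan-link"
        set srcaddr "test-machine"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
# Verify which member the rule currently selects (topmost member that is up):
# diagnose sys sdwan service 1
```

After disabling port2 as in the test, re-running the diagnose command shows member 1 (port1) selected, matching the forward traffic log showing the port1 address used for NAT.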
Additional information: when zone preference is configured alongside interface preference, interface preference takes precedence over zone preference. The same logic applies within zone preference: the topmost interface is chosen for NATting the traffic.
For example:
The SD-WAN rule prefers the interfaces in the following order:
Related document:
Copyright 2024 Fortinet, Inc. All Rights Reserved.