FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 274797
Description This article describes how to set up SD-WAN failover between two/three WAN ports in FortiGate.
Scope FortiGate.


On the FortiGate system, two/three WAN interfaces are correctly set up and linked.


Configuration Steps:

  • Select 'SD-WAN' from the dropdown menu under 'Network' on the menu bar.
  • To create a new SD-WAN member, select 'Create New' button, and select 'member':




  • Create a static route by going to Network -> Static Routes.


MicrosoftTeams-image (7).png



  • To create a new SD-WAN rule, navigate to SD-WAN Rules, and select the 'Create New' button.
  • Give the rule a name, and then choose the relevant WAN interfaces from the list of choices. By placing the WAN interfaces in the desired order, specify the failover order. 
  • Set the desired parameters for the SD-WAN interface selection strategy as Manual.


MicrosoftTeams-image (11).png


  • Apply the modifications after saving the settings.
  • Create the policy to allow the traffic by going to 'Policy & Objects' as follows:





Testing and Monitoring:


It is essential to test and keep an eye on the system after installing SD-WAN failover amongst two/three WAN interfaces to ensure efficacy.


Here are a few suggestions:

Disconnecting one of the WAN interfaces will simulate a connection failure; watch to see if traffic is immediately redirected to the remaining interfaces.


A check sign will be seen beside the selected interface that is processing the traffic. In the below screenshot, it is possible to see that from all 3 interfaces, wan1 is selected as the outgoing interface.




When wan1 is down, the traffic will be processed by wan2:




Track the performance and status of each WAN link by checking the SD-WAN dashboard in the FortiGate administration interface.


Review the SD-WAN logs and reports frequently to spot any problems or irregularities.




Check the WAN interfaces' physical connections and set-ups.
Verify the FortiGate device's firmware version to make sure SD-WAN capability is supported.

Review the load balancing mechanism, connection monitoring, and failover thresholds in the SD-WAN setup settings.
For more information, refer to the FortiGate manual or contact the Fortinet community.


Feel free to open a TAC support case if require any further help.