| Description | This article describes how to enable application traffic with an SD-WAN rule in FortiGate. |
| Scope | FortiGate. |
| Solution |
For well-known applications, FortiGuard services and SD-WAN rules can be used to direct traffic per application or application category.
Application detection visibility is disabled by default in the FortiGate GUI, so the option to select an application as the destination is not available. Only Address and Internet Service can be selected.
To enable it from the CLI:
config system global
    set gui-app-detection-sdwan enable
end
To enable it from the GUI, go to System -> Feature Visibility -> Additional Features and select Application Detection-Based SD-WAN.
After enabling the functionality in the CLI, the field is visible for selecting applications, application categories, or groups of applications as SD-WAN rule destination criteria for IPv4 rules. If the field is not visible immediately after the change, reload the page or log out of the FortiGate and log back in to make the feature visible.
Starting from v7.2.1, traffic steering using application categories in the SD-WAN rule destination is supported. Before v7.2.1, it was only possible to add individual applications.
For application-based SD-WAN steering, application control needs to be enabled in the firewall policy. More information about application control is available in the "Application control" documentation.
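The dependency described above, written out as CLI configuration (an added example, not part of the original article): an SD-WAN rule that uses an application as its destination, and the firewall policy with application control that the rule relies on. The rule name, SD-WAN member number, source interface, policy ID and the `<application-id>` placeholder are assumptions; the "default" application list and "certificate-inspection" profile are used only for illustration.

```fortios
# Added example; names, IDs and interfaces are assumptions, not values from the article.

# 1) SD-WAN rule steering an application (IPv4).
config system sdwan
    config service
        edit 1
            set name "app-steering-example"
            set mode manual
            # Required before application destinations can be set.
            set internet-service enable
            # Placeholder: replace with the ID of the application to steer.
            set internet-service-app-ctrl <application-id>
            # From v7.2.1, a category can be used instead:
            #   set internet-service-app-ctrl-category <category-id>
            # Sequence number of the preferred SD-WAN member.
            set priority-members 1
        next
    end
end

# 2) Firewall policy toward the SD-WAN zone with application control enabled.
#    Without an application list here, the application is never identified
#    and the rule above has nothing to match on.
config firewall policy
    edit 1
        set name "lan-to-sdwan-example"
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set application-list "default"
        set nat enable
    next
end
```

When reviewing an existing deployment, check every policy whose destination interface is the SD-WAN zone: a policy with no application list set means application-based rules will not apply to the traffic it carries.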
Related documents:
Allow application category as an option for SD-WAN rule destination
Technical Tip: Application Service not available in SD-WAN rules |