Technical Tip: Steer the Application traffic with SD-WAN rule

rtichkule · ‎08-16-2023

Description

This article describes how to enable application traffic with an SD-WAN rule in FortiGate.

Scope

FortiGate.

Solution

For well-known applications, FortiGuard services and SD-WAN rules can be used to direct traffic per application or application category.

The visibility of application detection is disabled by default in the FortiGate GUI.
The option to select an application in the destination is not available in the GUI. Only the possibility to select Address and Internet are available, as shown in the picture below.

Screenshot 2023-08-16 111902.png

Enable the feature visibility in the CLI by using the following global command:

set gui-app-detection-sdwan enable

Screenshot 2023-08-16 112034.png

After enabling the functionality in the CLI, the field is visible for selecting applications, application categories, or groups of applications as SD-WAN rule destination criteria for IPv4 rules.

Screenshot 2023-08-16 112126.png

For application-based SD-WAN steering, application control needs to be enabled in the firewall policy. It is possible to find more information about application control in the below document:

Application control

mhemambika · ‎08-16-2023

Great Information!!!