Article Id 268998
Description This article describes how to enable application traffic with an SD-WAN rule in FortiGate.
Scope FortiGate.

For well-known applications, FortiGuard services and SD-WAN rules can be used to direct traffic per application or application category.


The visibility of application detection is disabled by default in the FortiGate GUI.
The option to select an application as the destination is not available in the GUI. Only Address and Internet can be selected, as shown in the picture below.


Screenshot 2023-08-16 111902.png

Enable the feature visibility in the CLI by using the following global command:


set gui-app-detection-sdwan enable


Screenshot 2023-08-16 112034.png


After enabling the functionality in the CLI, the field is visible for selecting applications, application categories, or groups of applications as SD-WAN rule destination criteria for IPv4 rules.


Screenshot 2023-08-16 112126.png



For application-based SD-WAN steering, application control needs to be enabled in the firewall policy. More information about application control is available in the document below:

Application control
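
One way to check the requirement above on a configuration backup, as an added example (not Fortinet's code and not part of the original article): the Python below lists firewall policies toward an SD-WAN zone that have no application-list while an SD-WAN rule matches on applications. The sample configuration, the application ID and the function names are constructed for illustration, and it assumes policies reference the SD-WAN zone by name in dstintf.

```python
import re
# Constructed config excerpt (not from the article); app ID 16354 is a placeholder.
SAMPLE = """config system sdwan
    config zone
        edit "virtual-wan-link"
        next
    end
    config service
        edit 1
            set internet-service-app-ctrl 16354
        next
    end
end
config firewall policy
    edit 10
        set dstintf "virtual-wan-link"
        set application-list "default"
    next
    edit 11
        set dstintf "virtual-wan-link"
    next
end
"""

def parse(text):
    """Map 'section > subsection' -> {edit id: {setting: [values]}}."""
    out, stack = {}, []
    for line in text.splitlines():
        tok = line.split(None, 2) or [""]
        if tok[0] == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif tok[0] == "edit":
            path = " > ".join(name for kind, name in stack if kind == "config")
            stack.append(("edit", out.setdefault(path, {}).setdefault(tok[1].strip('"'), {})))
        elif tok[0] == "set" and len(tok) == 3 and stack and stack[-1][0] == "edit":
            stack[-1][1][tok[1]] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', tok[2])]
        elif tok[0] in ("next", "end") and stack:
            stack.pop()
    return out

def audit(text):
    """Return (app-based SD-WAN rule ids, SD-WAN-bound policy ids lacking application-list)."""
    cfg = parse(text)
    rules = [i for i, r in cfg.get("system sdwan > service", {}).items()
             if any(k.startswith("internet-service-app-ctrl") for k in r)]
    zones = set(cfg.get("system sdwan > zone", {}))
    gaps = [i for i, p in cfg.get("firewall policy", {}).items()
            if zones & set(p.get("dstintf", [])) and "application-list" not in p]
    return rules, gaps if rules else []
```

On the constructed sample, `audit(SAMPLE)` reports SD-WAN rule 1 as application-based and policy 11 as the one missing an application control profile.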




Great Information!!!