This article describes a solution for an SD-WAN deployment in which the user wants certain traffic to use only a specific link. When this link is down, the firewall should drop the packets instead of allowing them to fall through to the SD-WAN default policy.
In this example, a VoIP subnet should use the wan1 internet link. When this link is down, the VoIP traffic should be dropped rather than handled by the default SD-WAN policy.
In this scenario, two automation stitches and two firewall policies are used, but depending on the setup, it is possible to accomplish the same with one stitch and one policy.
FortiGate, SD-WAN, Automation stitches.
To achieve this objective, two distinct firewall policies and two automation stitches must be implemented. It is assumed that the SD-WAN configuration has already been completed.