Fortinet Forum
amir_basic
New Contributor

SD-WAN with Policy-Based NGFW mode

Hello everyone,

We are trying to set up SD-WAN on a FortiGate 30E device with FortiOS 6.2.3 and 2 PPPoE WAN connections.

One ISP is on the WAN port and the other ISP is on Port 4, which is set up as a WAN interface. Both ISP connections are tested individually and the connection is working as expected.

The SD-WAN interface is created with 2 members with the same cost (0).

A static route is created to subnet 0.0.0.0/0.0.0.0, interface SD-WAN, administrative distance 1.

A central SNAT policy is created with Incoming interface: lan, Outgoing interface: both WAN ports, Source address: local subnet, Destination address: all, NAT turned on, IP Pool Configuration: Use Outgoing Interface Address, Protocol: any, Explicit port mapping turned off.

A security policy from lan to SD-WAN is created with Incoming interface: lan, Outgoing interface: SD-WAN, Source address: local subnet, Destination address: all, Schedule: always, Service: ALL, Action: Accept, Inspection mode: Flow-based.

When we set NGFW mode to Profile-based with Central SNAT turned On in System\Settings, SD-WAN works perfectly. Even with the SD-WAN rules, everything works.

When we set NGFW mode to Profile-based and create the same security policy, there is no Internet access at all.

Are we missing something, or does SD-WAN not work with Policy-based NGFW?
