I am new to Fortinet firewalls. In my scenario I have two WAN links. I need to configure a dedicated WAN link only for Office 365 traffic. How can I do that? Do I need to configure "static internet service routes" or SD-WAN? I configured both options in a lab environment but it did not work.
I would really appreciate it if you could help me with this.
If you do not want to use SD-WAN, you could just create a second internet policy that matches all Office 365 traffic and make sure that it comes before your usual internet policy. Since policies are evaluated top down, that would make all traffic to O365 hit that policy only.
If you use SD-WAN you cannot do it this way, since you can no longer access the physical WAN interfaces in policies once they are members of the SD-WAN.
In this case you have to do it the way Yurisk wrote.
SD-WAN config is rather easy. Just enable it and add your WAN interfaces to it. If you have a WAN with a static IP set up on the FGT interface, make sure to also add the gateway in SD-WAN.
I'd also recommend setting up a health check for SD-WAN.
Then change all internet policies to use SD-WAN as the destination interface.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Here is what I did when configuring SD-WAN to set up a dedicated link for Office365 traffic.
1. Configured SDWAN Zone
2. Added WAN interfaces as members to SDWAN Zone.
3. Configured SLA.
4. Configured SDWAN rule with Office365 applications control.
5. Configured security policy adding SDWAN interface for outgoing interface. (Did not add anything in the application section in the policy, i.e. allowed all.)
Then I checked whether the setup was working. But it still did not work, since I could browse all the traffic. Then I added Office365 application control to the security policy; then I wasn't able to access login.microsoftonline.com or any other website.
Please note that when I tried to add a default route with the SDWAN interface, it did not work.
Please let me know where I could have gone wrong. I am doing these configurations on my laptop using a simulator.