Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gayansa
New Contributor

Configuring a dedicate link to Office365 traffic

HI All,

 

I am new to Fortinet firewalls. In my scenario I have two WAN links. I need to configure a dedicated WAN link only for Office 365 traffic. How can I do that, Do I need to configure "static internet service routes" or SD WAN? I configured both options in lab environment but it did not work.

 

I would really appreciate if you can help me on this.

 

Thank you,

Gayan Samarakoon.  

5 REPLIES 5
Yurisk
Valued Contributor

I'll give the direction, details are in the Fortinet docs:

1) Enable SD-WAN, add to it interfaces connecting to the Internet

2) Create SD-WAN rules  in which you create a top-most rule with destination set to ISDB objects representing Office365 and route this traffic to the needed interface as highest priority.

 

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.


All opinions are mine only.
gayansa
New Contributor

Hi Yuriki,

 

Thank you for your reply.

 

Is it possible to let me know detailed steps on configuring SDWAN with Office 365 application control.

 

Thank you,

Gayansa

sw2090
Honored Contributor

if you do not want to use sd-wan you could just create a second internet policy that matches all office365 traffic and make sure that it comes before your usual internet policy. Since Policies are exempt top down that would make all traffic to o365 hit that policy only.

 

if you use sdwan you cannot do this way since you no longer can access the physical wan interfaces in policies once they are members of the sd-wan.

In this case you have to do it the way Yurisk wrote.

 

Sd-wan config is rather easy. Just enable it and add your WAN interfaces to itl. If you have WAN with static ip setup on the FGT interface make sure to also add the gw in sd-wan.

I'd also recommend to set up some health check for sd-wan.

then change all internet policies to use sd-wan as dest interface.

 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

gayansa
New Contributor

Hi All,

 

Thank you for your replies.

 

Here is what I did when configuring SD-WAN to configure a dedicated link to Office365 traffic.

 

1. Configured SDWAN Zone

2. Added WAN interfaces as members to SDWAN Zone.

3. Configured SLA.

4. Configured SDWAN rule with Office365 applications control.

5. Configured security policy adding SDWAN interface for outgoing interface.( Did not add anything in the application section in the policy i.e. allowed all )

 

Then I checked whether set up is working. But it still did not work since I could browse all the traffic. Then I added Office365 application control to security policy , then I wasn't able to access login.microsoftonline.com or any other website.

 

Please note when I tried to add a default route with SDWAN interface it did not work.

 

Please let me know, where could I have gone wrong. I am doing these configurations in my laptop using a simulator.

 

Thank You,

Gayan

 

 

 

 

 

 

gayansa

Hi All,

 

I would really appreciate if you can help me on this issue.

 

Thank you,

Gayan