We are considering moving over from the traditional link failover method to using the SD-WAN features of FortiOS 5.6. It can get complicated when you start throwing in redundant WAN interfaces, redundant IPsec VPN tunnels, eBGP, IPv6, etc.
So hopefully this is a simple question. We have a requirement that if the primary WAN link goes down, some of our VLANs do not get any internet (e.g. complimentary Wi-Fi, etc.). I am able to accomplish this with specific firewall policies to the WAN1 and WAN2 interfaces. However, with SD-WAN all policies now go to the new SD-WAN virtual interface.
So how do I accomplish "cutting" off internet access if the primary link fails when using SD-WAN?
FortiGate 400D, (2) 200D, (12) 100D, (2) 60D