ddskier
Contributor

Moving to SD-Wan from Traditional Link Failover

We are considering moving over from the traditional link failover method to using the SD-WAN features of FortiOS 5.6. It can get complicated when you start throwing in redundant WAN interfaces, redundant IPsec VPN tunnels, eBGP, IPv6, etc.

 

So hopefully this is a simple question. We have a requirement that if the primary WAN link goes down, some of our VLANs do not get any internet (e.g. complimentary Wi-Fi, etc.). I am able to accomplish this with specific firewall policies to the WAN1 and WAN2 interfaces. However, with SD-WAN all policies now go to the new SD-WAN virtual interface.

 

So how do I accomplish "cutting" off internet access if the primary link fails when using SD-WAN?

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

ddskier
Contributor

FYI - In case anyone else has this question. You can use policy routes to accomplish this.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
