Does anyone know if the Maximize Bandwidth SLA option is supported in the SD-WAN rules when connecting across tunnels to Zscaler Internet Access (ZIA) Cloud on-ramp? The documentation I've found recommends using Link-Cost for failover between a primary VPN tunnel across ISP1 and a secondary VPN across ISP2, each to a separate Zscaler Public Edge. I'm trying to build 4 tunnels, 2 from each ISP to each Public Edge, and load balance across all 4. Has anyone attempted this?
The maximum bandwidth option in SD-WAN load balances the traffic among all the interfaces that satisfy SLAs. This can also be configured without SLA. So basically traffic will be sent out in a round-robin manner on all the participating interfaces. So if this is supported by Zscaler, you can configure this on FortiGate without any problem.
For further clarification you can read this document: https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/708464
I can't think of any reason why it wouldn't work. But I'm unable to find documentation specific to load balancing to Zscaler Public Service Edge. I would think that each Public Service Edge needs to operate independently from every other Public Service Edge in order to keep traffic separated.
Check if these articles are helpful