1. I try replace 0.0.0.0 -> sd-wan with 0.0.0.0 -> ISP3 and set SD-WAN in Policy Routes. But I cant add SD-WAN interface in Policy Routing Rules. Only per interface. So that is not solution.
- You cannot apply an SDWAN interface on a Policy Route in FortiGate, but you may utilize one while configuring it with the respective VPN interface.
Policy routes are prioritized over all other routes in the routing database. FortiGate will first check conventional policy routes first, then SDWAN policy routes (if any), and finally the routing table.
2. I try add ISP3 to member sd-wan, and used sd-wan rules. But If I make this, I cant use independent interface ISP3 to Firewall Policy. Also not solution.
- SDWAN is separated into zones if you are currently using FortiOS 6.4.1 or above. SDWAN member interfaces are assigned to zones, and zones can be used as source and destination interfaces in policies.
Multiple zones may be defined to group SDWAN interfaces together, providing the logical groupings for overlay and underlay interfaces. Zones are used in firewall rules to provide granular control. Members of SD-WAN cannot be utilized directly in policies.