adminuniscan
New Contributor

Is it possible to do multiple SD-WAN in one VDOM?

We have 4 providers and we want to divide them into two organizations so that the users of each organization go through their providers.

I see a way out in creating another VDOM, but I don't want to do this; maybe there is a simpler option?

AntonyChen
New Contributor III

If you don't want to split them into separate VDOMs, you should disable the SD-WAN feature and create firewall policies from LAN to separate WAN interfaces:

org1LAN => wan1

org2LAN => wan2

You can also enable SD-WAN, and split one of the interfaces out of the SD-WAN members, then create separate policies for this.

sagha
Staff

Hi adminuniscan

 

You can look into sdwan zones: https://docs.fortinet.com/document/fortigate/6.4.2/administration-guide/942095/sd-wan-zones

 

Thanks, 

Shahan

adminuniscan
New Contributor

I think I found the answer to my question; it will be SD-WAN rules.

AntonyChen

Okay, if you only want to route traffic based on source/destination, it's enough.

sagha
Staff

Hi adminuniscan

You can use SD-WAN rules to steer traffic towards the required SD-WAN interface:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/716691/wan-path-control

However, please be aware that if WAN connectivity fails via one organization, you have firewall policies in place to deny traffic via other SD-WAN interfaces. There is an implicit allow rule which might match at the end in case of an issue. So it would make sense if you use SD-WAN rules in combination with SD-WAN zones and ensure that firewall policies are in place to deny traffic.

 

Thanks, 
Shahan
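
The combination suggested in the last reply (SD-WAN zones, an SD-WAN rule per organization, and a deny policy toward the other organization's zone), sketched as FortiOS CLI; this is an added example, not configuration posted by anyone in the thread. Interface names, zone names and address objects are constructed, org2 mirrors org1, the matching accept policies are omitted, and the syntax assumes `config system sdwan` as in FortiOS 6.4 and later.

```fortios
# Constructed names throughout; org2's rule and deny policy mirror org1's.
config system sdwan
    set status enable
    config zone
        edit "org1-wan"
        next
        edit "org2-wan"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "org1-wan"
        next
        edit 2
            set interface "wan2"
            set zone "org1-wan"
        next
        edit 3
            set interface "wan3"
            set zone "org2-wan"
        next
        edit 4
            set interface "wan4"
            set zone "org2-wan"
        next
    end
    config service
        edit 1
            set name "org1-out"
            set src "org1-lan"
            set dst "all"
            set priority-members 1 2
        next
    end
end
config firewall policy
    edit 0
        set name "org1-block-org2-wan"
        set srcintf "org1-lan-if"
        set dstintf "org2-wan"
        set srcaddr "org1-lan"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        set logtraffic all
    next
end
```

With logging enabled on the deny policy, hits on it show when org1 traffic was routed toward org2's providers, for example after both org1 links failed their health checks.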
