FortiGate
emmanouilg
Staff
Article Id 229792
Description This article describes the additional configuration needed when the route check in SD-WAN rules is disabled.
Scope FortiGate.
Solution

By default, each SD-WAN rule is expected to have a matching route in the routing table, as the SD-WAN rules operate like Policy Routes.

 

This behavior can be changed by enabling the default and gateway settings on the SD-WAN rule, which disables the route check, as described in the following documentation:

https://docs.fortinet.com/document/fortigate/6.4.0/sd-wan-deployment-for-mssps/629239/disabling-rout...

Once the route check is disabled, FortiGate no longer knows where to forward the packets, so the gateway (next hop) must also be configured under the SD-WAN member, as follows:

config system sdwan
    config members
        edit X
            set gateway x.x.x.x  <---- Where the packet should be forwarded.
        next
    end
end
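An added example (not part of the original article, and not Fortinet tooling): a Python check over saved `show system sdwan` output that reports SD-WAN rules with the route check disabled whose members have no gateway configured. It assumes the rule settings appear as `set default enable` and `set gateway enable` under `config service`, that rule members are listed with `set priority-members`, and that a missing or `0.0.0.0` member gateway means unset; the sample configuration is constructed.

```python
# Constructed `show system sdwan` excerpt (sample data, not from the article).
SAMPLE = """\
config system sdwan
    config members
        edit 1
            set interface "port1"
            set gateway 192.0.2.1
        next
        edit 2
            set interface "port2"
        next
    end
    config service
        edit 1
            set default enable
            set gateway enable
            set priority-members 1 2
        next
        edit 2
            set priority-members 2
        next
    end
end
"""

def parse(text):
    """Parse FortiOS config text into nested dicts keyed by 'config X' / 'edit N'."""
    root = {}
    stack = [root]
    for line in text.splitlines():
        tok = line.split(None, 2) or [""]
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(line.strip(), {}))
        elif tok[0] in ("end", "next") and len(stack) > 1:
            stack.pop()
        elif tok[0] == "set" and len(tok) == 3:
            stack[-1][tok[1]] = tok[2].strip().strip('"')
    return root

def members_missing_gateway(text):
    """Return (rule_id, member_id) pairs: route check disabled (assumed keys) but no member gateway."""
    sdwan = parse(text).get("config system sdwan", {})
    members = sdwan.get("config members", {})
    findings = []
    for rule, cfg in sdwan.get("config service", {}).items():
        if cfg.get("default") == "enable" and cfg.get("gateway") == "enable":
            for mid in cfg.get("priority-members", "").split():
                if members.get(f"edit {mid}", {}).get("gateway", "0.0.0.0") == "0.0.0.0":
                    findings.append((rule.split()[1], mid))
    return findings
```

Calling `members_missing_gateway(SAMPLE)` reports rule 1 with member 2, the member that still needs `set gateway` under `config members`.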

 
