Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
slouw
Contributor

Created on ‎11-18-2023 01:18 AM

How is SD-WAN enabled - Part 2

I know from this post:

How is SD-WAN enabled? 

That there is no explicit command or checkbox to turn on SD-WAN.

Rather SD-WAN action/behaviour is enacted when the various components e.g. SD-WAN zones, rules etc are configured.

Is it true to say then that unless an SD-WAN rule is configured (in addition to the implicit rule that is always present) there is no SD-WAN action or activity? Without at least one properly configured SD-WAN rule all traffic is directed by the routing table (assuming no policy routing is configured)?

Thanks.....

Labels:
440
0 Kudos
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎11-18-2023 02:37 AM

No need to add extra SD-WAN rule to activate SD-WAN, implicit rule will do the job.

Don't forget to add:

  • Default gateway via SD-WAN
  • Firewall policy for internet traffic via SD-WAN interface
AEK
AEK
424
slouw
Contributor
In response to AEK

Created on ‎11-18-2023 02:16 PM

@AEK thanks for reply

"No need to add extra SD-WAN rule to activate SD-WAN, implicit rule will do the job."

So SD-WAN can in fact be active, overriding the routing table with only the implicit rule in place?

387
0 Kudos
esalija
Staff
Staff

Created on ‎11-18-2023 05:48 AM

Hi @slouw 

 

SD-WAN rules define specific policy routing options to route traffic to an SD-WAN member. When no explicit SD-WAN rules are defined, or if none of the rules are matched, then the default implicit rule is used.

 

Please follow the doc for more details - https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/216765/implicit-rule

 

Best regards,

Erlin

404
0 Kudos
slouw
Contributor
In response to esalija

Created on ‎11-18-2023 02:27 PM

Thanks @esalija 

"When no explicit SD-WAN rules are defined, or if none of the rules are matched, then the default implicit rule is used."

On a production site I am examining I have only the implicit rule as shown.

I was assuming that this rule does nothing and that all forwarding decisions are a function of the routing table.

What in fact does the implicit rule do exactly?

Thanks again

2023-11-19 08h25m04 Gympie SD-WAN Implicit rule only.jpg

382
0 Kudos
hbac
Staff
Staff

Created on ‎11-18-2023 06:54 AM

Hi @slouw,

 

Consider SD-WAN to be enabled to work properly when: 

 

1. You added one or more wan interfaces to an SDWAN zone. 

2. Your default route is pointing to an SDWAN zone. 

3. Your outbound policies are pointing to an SDWAN zone as outgoing interface and vice versa. 

 

SDWAN rules and performance SLA are optional. 

 

Regards, 

398
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.