service or ports redirection sdwan 6.0

Author
Fullmoon
2020/01/14 05:55:05


Hi fellas,
 
FGT 501E FOS 6.0.8.
 
I'm trying to swing my outgoing traffic to my multiple wan links.
For example, my http/https traffic through wan1 and other ports/services via wan2. Before, I was able to achieve this in one of my deployments via PBR rules using an older FOS.
 
Now with FOS 6.0, under SD-WAN rules you can define only the source, Internet Service or Applications, and the outgoing interface.
Upon exploring TS Policy, somehow you can craft the source, service and outgoing interface. Will my idea work without a Traffic Shaper in place in the TS Policy?
 
Any hint is much appreciated.
 

Fortigate Newbie
#1


    Yurisk
    Re: service or ports redirection sdwan 6.0 2020/01/14 07:34:11
    Well, my 2c on this would be:
    1. PBR is still available, and seems most suitable for the job.
    2. SD-WAN rules indeed do not allow services, but if taking the risk is OK, there are App (Control) signatures that can be used for a match, and there is the HTTP.BROWSER signature that would match browsers but not applications working on http/https ports.
    3. Traffic Shaping Policy rules list the "Outgoing interface" as a requirement in the "then" (like action) section, but to me it seems like a misnomer - I did a test now and it did NOT force traffic to the specified interface, but instead used the interface for matching. So if you try to force some traffic via a specific interface only, TS policy doesn't seem to do that.
    #2