PBR on a SD-WAN interface

Lukevador
2020/10/08 01:49:57

Hi everyone,
 
I got this FortiGate in my company with wan1 as the default route. I was able to create an SD-WAN link with wan2 and some other port.
The SD-WAN is going to be the path to the internet for a very specific segment; the others must go out from wan1.
I was counting on doing that with a policy-based route, but I found out it's not possible since the SD-WAN is not listed as an outgoing port in the PBR.
Now I'm trying to route this specific segment to the internet without having to change the default route to point at my SD-WAN, so I can let wan1 be the default path to the internet for the other segments.

Any way to achieve that?

I got a FortiGate 8200D with v6.2.4

Thanks to you all
 
Luke
 
post edited by Admin_FTNT - 2020/10/08 02:12:56
#1


    emnoc
    Re: PBR on a SD-WAN interface 2020/10/08 07:53:33
    You build SD-WAN rules for this: select whatever src/services/etc. and route that to whatever ISP over that SD-WAN member link.
     
     
    https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/716691/wan-path-control
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #2
    Lukevador
    Re: PBR on a SD-WAN interface 2020/10/12 01:31:59
    Hi Ken,
     
    Thank you for the reply. I already did the SD-WAN rules by selecting my segment as the source. In spite of that, the route in this rule didn't match and the traffic still uses the non-SD-WAN interface (wan1) as the outbound interface.
    I also added "set default enable" and "set gateway enable" in this rule, which didn't change much.
     
    Luke
    #3