Next Generation Firewall (NGFW)

Expand all | Collapse all

Routing Traffic through SD-WAN

  • 1.  Routing Traffic through SD-WAN

    Posted Apr 04, 2019 10:30 PM
    Have a fortiGate device with two different ISPs connected via SD-WAN.   I would like to route all social media traffic (netflix, hbo, facebook, etc...) out the ISP connected that has less bandwidth and keep the faster pipe for work related items.   However, if anyone of the connections goes down...automatically route all traffic out the "up" connection.

    How do you use policy route to route the social media traffic out the slower pipe?

  • 2.  RE: Routing Traffic through SD-WAN

    Posted Apr 05, 2019 02:22 AM

    From my point of view, you can't do it easier.

    What is your FortiOS ?

    Since FortiOS 5.6, you can make policy routing based on FQDN (be carefull, FQDN only and not wildcard FQDN). Maybe check is needed if you can do it based on "internet services" on FortiOS 6.X (not possible in 5.6).

    Best regards,

  • 3.  RE: Routing Traffic through SD-WAN

    Posted Apr 08, 2019 04:19 AM
    Hi Norman,

    Under "Network" >> "SDWAN Rules" you can specify rules based on Protocol and Service Type, or you can specify based on "Internet services" like Amazon AWS, Facebook-web, Facebook-watsapp etc. For each rule you can specify the WAN interface to access the internet. ie you can specify which all services can be access through each interface.

    A user can be made to access Microsoft Outlook through WAN1 and Facebook through WAN2 with SDWAN Rules.  This may serve your purpose. So checkout SD WAN Rules before Policy routes.

    Check out


  • 4.  RE: Routing Traffic through SD-WAN

    Posted Apr 12, 2019 05:46 AM
    SDWAN rules are the solution, you can specify policy routes based on applications to achieve your needs.


    Rony Moussa
    Fortinet NSE Certified: Level 8