Configuring Dynamic Application Steering on FortiGate for Cost and Quality Efficiency

Published on: 01-09-2025 By Bharat Dhasmana

Introduction

In an era where application performance can directly impact business success, optimizing your network for cost and quality efficiency is crucial. FortiGate's dynamic application steering using SD-WAN is a powerful tool that allows you to manage network traffic effectively. In this guide, we'll explore how to configure application steering for both cost efficiency and quality assurance using FortiGate's SD-WAN capabilities.

Purpose of Configuration

The primary goal is to route business-critical applications through the most cost-effective links while maintaining quality. Non-business traffic, however, benefits from the best available quality link for optimal performance.

Configuring in the GUI

Set Up SD-WAN Members

  1. Go to Network > SD-WAN.
  2. Add port1, port2, and port3 as SD-WAN members representing DIA_1, DIA_2, and MPLS respectively. Set their costs: DIA_1 and DIA_2 to 0, and MPLS to 20.

Creating SD-WAN Rules for Business-Critical Applications

  1. Navigate to SD-WAN > SD-WAN Rules.
  2. Click Create New and name it BusinessCriticalApps.
  3. Set Source to all, and Application to include Microsoft.Office.365, Google.Docs, Dropbox, and SIP.
  4. Select Lowest Cost (SLA) for Outgoing Interfaces.
  5. Create the Required SLA target for SLA checks by selecting Ping and adding up to two servers like office.com and google.com.
  6. In the SLA target, disable the Latency and Jitter thresholds and set Packet loss to 1 for cost preference.

Creating SD-WAN Rules for Non-Business-Critical Applications

  1. Return to SD-WAN Rules and create a new rule named NonBusinessCriticalApps.
  2. Set the Source to all, and Application to Facebook and YouTube.
  3. Select Best Quality as the Outgoing Interfaces criteria.
  4. Configure the performance SLA profile by choosing Latency as the Quality criteria.

Configuring in the CLI

Setting SD-WAN Members

config system interface
    edit "port1"
        set alias "DIA_1"
        set role wan
    next
    edit "port2"
        set alias "DIA_2"
        set role wan
    next
    edit "port3"
        set alias "MPLS"
        set role wan
    next
end

Creating SD-WAN Rules

config system sdwan
    config health-check
        edit "BusinessCriticalApps_HC"
            set server "office.com" "google.com"
            set members 1 2 3
            config sla
                edit 1
                    set link-cost-factor packet-loss
                    set packetloss-threshold 1
                next
            end
        next
    end
end

Service Setup for Priority-Based Routing

config system sdwan
    config service
        edit 4
            set name "NonBusinessCriticalApps"
            set mode priority
            set src "all"
            set internet-service enable
            set internet-service-app-ctrl 15832 31077
            set health-check "NonBusinessCriticalApps_HC"
            set priority-members 1 2
        next
    end
end
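
The CLI steps above do not add the three ports to SD-WAN with the costs from the GUI steps, do not define the NonBusinessCriticalApps_HC health check that rule 4 references, and contain no Lowest Cost (SLA) rule for BusinessCriticalApps. The following is an added example, not part of the original post, that fills those gaps. The rule number 3, the youtube.com probe server and the <APP_ID_n> placeholders are assumptions, because the page does not give application control IDs for the business-critical applications.

```fortios
config system sdwan
    set status enable
    config members
        # DIA_1 and DIA_2 at cost 0, MPLS at cost 20 (values from the GUI steps)
        edit 1
            set interface "port1"
            set cost 0
        next
        edit 2
            set interface "port2"
            set cost 0
        next
        edit 3
            set interface "port3"
            set cost 20
        next
    end
    config health-check
        # Referenced by rule 4 but never defined in the CLI steps
        edit "NonBusinessCriticalApps_HC"
            # Constructed sample probe target, not from the page
            set server "youtube.com"
            set protocol ping
            set members 1 2
        next
    end
    config service
        # Rule number 3 is an assumption; the page only shows rule 4
        edit 3
            set name "BusinessCriticalApps"
            # "Lowest Cost (SLA)" in the GUI corresponds to mode sla
            set mode sla
            set src "all"
            set internet-service enable
            # Placeholders: substitute the application control IDs for
            # Microsoft.Office.365, Google.Docs, Dropbox and SIP
            set internet-service-app-ctrl <APP_ID_1> <APP_ID_2> <APP_ID_3> <APP_ID_4>
            config sla
                # Bind the rule to SLA target 1 of the page's health check
                edit "BusinessCriticalApps_HC"
                    set id 1
                next
            end
            set priority-members 1 2 3
        next
    end
end
```

Apply the member definitions before the BusinessCriticalApps_HC health check, and that health check before rule 3, since each block refers to objects that must already exist.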

Verification

To confirm that your SD-WAN configuration is working as expected, verify the health checks and rule activations in the GUI, or use the diagnose sys sdwan commands to check the state and performance of your connections, applications, and rule hit counts.

Conclusion

By following these steps, you'll be able to efficiently steer your application traffic on a FortiGate device using dynamic SD-WAN configurations, ensuring optimal performance for both business-critical and general use applications.