Configuring Dynamic Application Steering on FortiGate for Cost and Quality Efficiency
Introduction
In an era where application performance can directly impact business success, optimizing your network for cost and quality efficiency is crucial. FortiGate's dynamic application steering using SD-WAN is a powerful tool that allows you to manage network traffic effectively. In this guide, we'll explore how to configure application steering for both cost efficiency and quality assurance using FortiGate's SD-WAN capabilities.
Purpose of Configuration
The primary goal is to route business-critical applications through the most cost-effective links while maintaining quality. Non-business traffic, however, benefits from the best available quality link for optimal performance.
Configuring in the GUI
Set Up SD-WAN Members
- Go to Network > SD-WAN.
- Add port1, port2, and port3 as SD-WAN members representing DIA_1, DIA_2, and MPLS respectively. Set their costs: DIA_1 and DIA_2 to 0, and MPLS to 20.
Creating SD-WAN Rules for Business-Critical Applications
- Navigate to SD-WAN > SD-WAN Rules.
- Click Create New and name it BusinessCriticalApps.
- Set Source to all, and Application to include Microsoft.Office.365, Google.Docs, Dropbox, and SIP.
- Select Lowest Cost (SLA) for Outgoing Interfaces.
- Create the Required SLA target for SLA checks by selecting Ping and adding up to two servers, such as office.com and google.com.
- Configure the SLA parameters: disable the Latency and Jitter thresholds and set Packet loss to 1 for cost preference.
Creating SD-WAN Rules for Non-Business-Critical Applications
- Return to SD-WAN Rules and create a new rule named NonBusinessCriticalApps.
- Set the Source to all, and Application to Facebook and YouTube.
- Select Best Quality as the Outgoing Interfaces criteria.
- Configure the performance SLA profile by choosing latency as the Quality criteria.
Configuring in the CLI
Setting SD-WAN Members
config system interface
    edit "port1"
        set alias "DIA_1"
        set role wan
    next
    edit "port2"
        set alias "DIA_2"
        set role wan
    next
    edit "port3"
        set alias "MPLS"
        set role wan
    next
end
Creating SD-WAN Rules
config system sdwan
    config health-check
        edit "BusinessCriticalApps_HC"
            set server "office.com" "google.com"
            set members 1 2 3
            config sla
                edit 1
                    set link-cost-factor packet-loss
                    set packetloss-threshold 1
            end
        next
    end
end
Service Setup for Priority Based Routing
config system sdwan
    config service
        edit 4
            set name "NonBusinessCriticalApps"
            set mode priority
            set src "all"
            set internet-service enable
            set internet-service-app-ctrl 15832 31077
            set health-check "NonBusinessCriticalApps_HC"
            set priority-members 1 2
    end
end
Verification
To confirm that your SD-WAN configuration is working as expected, verify the health checks and rule activations in the GUI, or use the diagnose sys sdwan commands to check the state and performance of your connections, applications, and rule hit counts.
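Cross-reference mistakes between rules and health checks are easier to catch offline, before the CLI is pasted into the device. The script below is an added example, not Fortinet tooling or part of the original guide: parse_sdwan, lint and the sample text are constructed here, and it assumes that a health check with no members line, or with members 0, probes all members.

```python
import shlex

# Constructed input: the health-check and service stanzas from this page, joined into one block.
SAMPLE = """config system sdwan
config health-check
edit "BusinessCriticalApps_HC"
set members 1 2 3
config sla
edit 1
set packetloss-threshold 1
end
next
end
config service
edit 4
set name "NonBusinessCriticalApps"
set health-check "NonBusinessCriticalApps_HC"
set priority-members 1 2
end
end
"""

def parse_sdwan(text):
    """Return {table: {entry: {option: [values]}}} for tables directly under `config system sdwan`."""
    tables, stack = {}, []
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok[0] in ("next", "end"):
            if tok[0] == "end" and stack[-1][0] == "edit":  # `end` inside an entry also closes its table
                stack.pop()
            stack.pop()
        elif tok[0] == "set" and len(stack) == 3 and stack[0][1] == "system sdwan":
            tables.setdefault(stack[1][1], {}).setdefault(stack[2][1], {})[tok[1]] = tok[2:]
    return tables

def lint(tables):
    """Flag rules whose health check is undefined or does not probe all of the rule's members."""
    findings, checks = [], tables.get("health-check", {})
    for rule_id, rule in tables.get("service", {}).items():
        name = rule.get("name", [rule_id])[0]
        for hc in rule.get("health-check", []):
            probed = checks.get(hc, {}).get("members", ["0"])  # assumption: unset or 0 = all members
            if hc not in checks:
                findings.append(f"{name}: health-check {hc} is not defined")
            elif "0" not in probed and set(rule.get("priority-members", [])) - set(probed):
                findings.append(f"{name}: {hc} does not probe every priority member")
    return findings
```

Run over the stanzas shown on this page, lint(parse_sdwan(SAMPLE)) reports that NonBusinessCriticalApps references NonBusinessCriticalApps_HC, while the only health check defined in the CLI section is BusinessCriticalApps_HC.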
Conclusion
By following these steps, you'll be able to efficiently steer your application traffic on a FortiGate device using dynamic SD-WAN configurations, ensuring optimal performance for both business-critical and general use applications.