Configuring Manual Strategy in FortiGate SD-WAN

Published on: 01-12-2025 By Bharat Dhasmana

Introduction

In a world where network efficiency is paramount, understanding the manual strategy in FortiGate's SD-WAN configuration is key. This guide will help you set up a manual strategy that maximizes bandwidth, provides app-aware routing, and allows BGP-tag routing, all without relying on SLA-based health checks.

Understanding Manual Strategy

In manual mode, FortiGate foregoes health checks, making decisions based on a pre-defined logic rather than dynamic intelligence. This feature makes manual rules similar to traditional policy-based routes, but with enhanced capabilities such as application-aware routing.

Key Components of a Manual Strategy Rule

  • Interface Preferences: Define which interfaces are used and their priority.
  • Load Balancing: Distribute traffic using a load balancing algorithm.

FortiOS 7.4.3 introduces an evolved load balancing strategy, moving beyond maximum bandwidth approaches used in earlier versions.

Configuring Manual SD-WAN Rules via GUI

  1. Navigate to Network > SD-WAN in your FortiGate dashboard.
  2. Select the SD-WAN Rules tab and click Create New.
  3. Set the options as follows:
    • Name: Type a name for the rule.
    • Source: Optionally specify a Source address/User group.
    • Destination: Use an Address object, Internet Service, or Application.
    • Zone preference: Specify SD-WAN interfaces/zones and their order of preference.
  4. Click OK to create the rule.

Configuring Manual SD-WAN Rules via CLI

Use the following commands to configure manual rules:

config system sdwan
config members
edit 1
set interface "wan1"
next
edit 2
set interface "wan2"
next
end
config service
edit 1
set name "manual"
set mode manual
set priority-members 2 1
set dst "DC_net"
set hold-down-time 60
next
end
end

The command set mode manual is inherent, as manual mode is default.

Implementing Load Balancing Without SLA Targets

FortiGate allows load balancing in manual mode without SLA targets by enabling Load Balancing. You can choose from several algorithms:

  • Round-robin: Traffic evenly distributed in circular order.
  • Source IP-based: Traffic directed to the same interface.
  • Source-dest IP-based: Specific paths based on source and destination.
  • Inbandwidth, Outbandwidth, Bibandwidth: Distributes traffic based on bandwidth availability.

Populate bandwidth values through interface speedtest results.

Enabling Load Balancing in GUI

  1. Go to Network > SD-WAN.
  2. Click Create New, set Interface selection strategy to Manual.
  3. Enable Load balancing and configure the remaining options.
  4. Click OK.

Enabling Load Balancing via CLI

config system sdwan
config service
edit 1
set name "manual"
set mode manual
set load-balance enable
set hash-mode round-robin
set priority-members 2 1
set dst "DC_net"
set hold-down-time 60
next
end
end

Conclusion

Mastering the manual strategy in FortiGate's SD-WAN empowers administrators to design highly customized and efficient network pathways without relying on SLA targets. Whether using the GUI or CLI, these configurations offer a robust framework for optimizing network performance, ensuring seamless connectivity across your enterprise's digital architecture.

For more details, refer to the official Fortinet documentation at here.