Configuring Manual Strategy in FortiGate SD-WAN
Introduction
In a world where network efficiency is paramount, understanding the manual strategy in FortiGate's SD-WAN configuration is key. This guide will help you set up a manual strategy that maximizes bandwidth, provides app-aware routing, and allows BGP-tag routing, all without relying on SLA-based health checks.
Understanding Manual Strategy
In manual mode, FortiGate forgoes health checks and makes decisions based on pre-defined logic rather than dynamic intelligence. This makes manual rules similar to traditional policy-based routes, but with enhanced capabilities such as application-aware routing.
Key Components of a Manual Strategy Rule
- Interface Preferences: Define which interfaces are used and their priority.
- Load Balancing: Distribute traffic using a load balancing algorithm.
FortiOS 7.4.3 introduces an evolved load balancing strategy, moving beyond maximum bandwidth approaches used in earlier versions.
Configuring Manual SD-WAN Rules via GUI
- Navigate to Network > SD-WAN in your FortiGate dashboard.
- Select the SD-WAN Rules tab and click Create New.
- Set the options as follows:
  - Name: Type a name for the rule.
  - Source: Optionally specify a Source address/User group.
  - Destination: Use an Address object, Internet Service, or Application.
  - Zone preference: Specify SD-WAN interfaces/zones and their order of preference.
- Click OK to create the rule.
Configuring Manual SD-WAN Rules via CLI
Use the following commands to configure manual rules:
config system sdwan
    config members
        edit 1
            set interface "wan1"
        next
        edit 2
            set interface "wan2"
        next
    end
    config service
        edit 1
            set name "manual"
            set mode manual
            set priority-members 2 1
            set dst "DC_net"
            set hold-down-time 60
        next
    end
end
The set mode manual line is optional, because manual is the default mode.
Implementing Load Balancing Without SLA Targets
FortiGate allows load balancing in manual mode without SLA targets by enabling Load Balancing. You can choose from several algorithms:
- Round-robin: Traffic is distributed evenly across the interfaces in circular order.
- Source IP-based: Traffic from the same source IP is directed to the same interface.
- Source-dest IP-based: Traffic with the same source and destination IP pair is directed to the same interface.
- Inbandwidth, Outbandwidth, Bibandwidth: Distributes traffic based on bandwidth availability.
Populate bandwidth values through interface speedtest results.
Enabling Load Balancing in GUI
- Go to Network > SD-WAN.
- Click Create New, set Interface selection strategy to Manual.
- Enable Load balancing and configure the remaining options.
- Click OK.
Enabling Load Balancing via CLI
config system sdwan
    config service
        edit 1
            set name "manual"
            set mode manual
            set load-balance enable
            set hash-mode round-robin
            set priority-members 2 1
            set dst "DC_net"
            set hold-down-time 60
        next
    end
end
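Because manual rules run without health checks, a typo in priority-members is not caught by any probe, so it is worth validating the rule text before pasting it into the CLI. The following Python script is an added example, not code from the original page or from Fortinet: it parses a config system sdwan block like the ones above and reports each manual-mode rule with its load-balancing settings and any member IDs that are not defined. The function names parse_sdwan and audit_manual_rules are hypothetical, the input is assumed to be a single sdwan block with one-line values, and treating load balancing as off unless explicitly enabled is an assumption.

```python
import shlex

# Constructed sample based on the page's CLI; member 3 is deliberately undefined.
SAMPLE = """\
config system sdwan
    config members
        edit 1
            set interface "wan1"
        next
        edit 2
            set interface "wan2"
        next
    end
    config service
        edit 1
            set name "manual"
            set load-balance enable
            set hash-mode round-robin
            set priority-members 2 1 3
        next
    end
end
"""

def parse_sdwan(text):
    """Return {table: {entry_id: {option: [values]}}} for one sdwan block."""
    tables, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]          # shlex keeps "quoted names" whole
        depth += {"config": 1, "end": -1}.get(tok[0], 0)
        if tok[0] == "config" and depth == 2:    # config members / config service
            table = tables.setdefault(tok[1], {})
        elif depth == 2 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 2 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def audit_manual_rules(text):
    """Report each manual-mode rule and any priority-members that are not defined."""
    cfg, report = parse_sdwan(text), []
    for rid, rule in cfg.get("service", {}).items():
        prio = rule.get("priority-members", [])
        if rule.get("mode", ["manual"]) == ["manual"]:   # manual is the default per the page
            report.append({"rule": rule.get("name", [rid])[0],
                "load_balance": rule.get("load-balance") == ["enable"],  # assumed off if unset
                "hash_mode": rule.get("hash-mode", [None])[0],
                "undefined": [m for m in prio if m not in cfg.get("members", {})]})
    return report
```

Calling audit_manual_rules(SAMPLE) returns one entry for the rule named manual, with member 3 listed under undefined.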
Conclusion
Mastering the manual strategy in FortiGate's SD-WAN empowers administrators to design highly customized and efficient network pathways without relying on SLA targets. Whether using the GUI or CLI, these configurations offer a robust framework for optimizing network performance, ensuring seamless connectivity across your enterprise's digital architecture.
For more details, refer to the official Fortinet documentation.