Forti SDWAN Rules-QOS-Management

SDWAN Rules:

SD-WAN rules are used to specify which traffic you want to route through which interface (ISP). This gives great flexibility when configuring how the FortiGate routes traffic. For example, Office 365 traffic can be routed from specific authenticated users through one ISP and route the rest of the Internet traffic through another ISP.

These rules can be configured to use various parameters to match traffic, including source and destination IP addresses, destination port numbers, and ISDB address objects. When the FortiGate matches traffic to a rule, that rule determines which egress interface the traffic takes.

The following are the SDWAN Rule strategies in Fortinet:

Best Quality Strategy

The best quality strategy is based on the performance of the network link. SD-WAN rules are configured dynamically to route traffic through the SD-WAN interfaces that have the best link quality. The FortiGate uses the server information that is configured for link health monitoring against the quality criteria that configured.

The FortiGate can measure link quality based on latency, jitter, packet loss, or bandwidth.

Minimum Quality SLA

The minimum quality SLA strategy uses criteria that you configure to determine which SD-WAN links to use. The FortiGate follows SD-WAN rules to route traffic through the SD-WAN interfaces that meet the latency, jitter, and packet loss criteria that you configure in the SLA targets associated with the rules.

SDWAN Traffic Shaping

Traffic shaping can be applied in Fortigate SD-WAN traffic. If an application is necessary but there is a need to prevent it from impacting bandwidth, a bandwidth limit can be applied to the application instead of blocking it entirely.

For example, it can limit applications used for storage and backup and leave enough bandwidth for more sensitive applications, such as video conferencing.

SDWAN Management

he FortiGate, with its underlying operating system FortiOS, is the basic component of the Secure SD-WAN solution. It is able to stand alone and provide full functionality including NGFW, advanced security features, and SD-WAN capabilities.

Centralized Management

FortiManager then provides the centralized management and orchestration of Secure SD-WAN branch edge devices. An organization’s FortiManager may reside on-premises, in a private cloud, or in public cloud environments. Regardless of location, FortiManager maintains connectivity to each FortiGate device, monitors performance SLAs, and presents a singlepane- of-glass view into global connectivity. It also provides templates for security policy configuration, SD-WAN policy configuration, and performance SLA definition.

Secure SD-WAN administrators only need FortiManager to control their entire deployment. With flexibility to support APIs and Security Fabric Connectors, FortiManager seamlessly integrates into the greater workflow within any organization.

SDWAN Templates for centralized configuration

All Fortigate firewalls can be configured and managed configuration templates. This allows you to significantly reduce your operational expense in device and maintenance.

SD-WAN templates help you do the following:

  • Deploy a single SD-WAN template from FortiManager across multiple FortiGate devices.
  • Perform a zero-touch deployment without manual configuration locally at the FortiGate devices.
  • Roll out a uniform SD-WAN configuration across your network.
  • Eliminate errors in SD-WAN configuration across multiple FortiGate devices since the SD-WAN template is applied centrally from FortiManager.
  • Monitor network Performance SLA across multiple FortiGate devices centrally from FortiManager.
  • Monitor the performance of your SD-WAN with multiple views.

Note: IPsec VPN templates can also be configured in the Fortimanager to configure site-to-site VPN tunnels. Because there are many options to configure when setting up tunnel negotiation, templates reduce the chance for manual mistakes.