Failover internet connection using SD-WAN FortiOS 5.6

Fortigate’s SD-WAN can be set up for a failover (redundant) internet link. For example, if an organisation has a fibre connection on WAN1 of the Fortigate and a DSL link on WAN2, traffic can be set to use the fibre connection and swap over to the DSL if the fibre is down.

To set up a failover internet connection:
1) Enable SD-WAN feature

System > Feature Visibility, toggle SD-WAN interface to on (green)


2) Remove policies that reference WAN interface

Policy & Objects > IPv4 Policy, remove any policies that reference the interfaces that will be added to the SD-WAN, as an interface that is used in a policy cannot be added to SD-WAN (or change them to another interface and back to SD-WAN once finished).


3) Create SD-WAN Interface

Network > SD-WAN, click on the Enable button. Then click on the Create New button to add the required interfaces, using the drop-down to select each interface.
Under Load Balancing Algorithm, select Volume and set WAN1 (Fibre) to 1 and WAN2 (DSL) to 0. This means that all internet traffic will go via the fibre and will swap over to the DSL when the fibre is not available.

4) Setup SD-WAN status check

This will verify the status of the WAN links and update routing if one goes down.

Network > SD-WAN Status Check, click on Create New


5) Create Static route via SD-WAN

Network > Static Routes > Create New. Create a static route going via the SD-WAN interface.


6) Create Policies to allow traffic out via SD-WAN

Policy & Objects > IPv4 Policy, create a policy to allow traffic out via the SD-WAN interface.


Monitoring SD-WAN

Monitor > SD-WAN Monitor


