Configure SD-WAN

In Fireware v12.3 or higher, you can configure Software-Defined WAN (SD-WAN) on your Firebox. To configure SD-WAN:

  • Configure Link Monitor targets (recommended)
  • Add an SD-WAN action
  • Configure a policy to use the SD-WAN action

For detailed information about how SD-WAN works, see About SD-WAN.

To configure Link Monitor targets, see Configure Link Monitor.

For a configuration example, see SD-WAN Failover from an MPLS Link to a BOVPN Virtual Interface Tunnel.

SD-WAN actions apply to new connections that initiate traffic. SD-WAN actions do not apply to reply traffic. You cannot use SD-WAN actions to force reply traffic out of a specific interface.

Add an SD-WAN Action

In an SD-WAN action, you specify which interfaces participate in the action. The interfaces you select determine whether you can configure metric-based failover and select failback options. For more information about failover and failback settings and restrictions, see About SD-WAN.

Configure a Policy to Use an SD-WAN Action

In the settings for a policy, you can select to add or create an SD-WAN action.

In Fireware v12.3 or higher, SD-WAN replaces policy-based routing. In Fireware v12.2.1 or earlier, to route traffic to a different external interface, you must use policy-based routing. When you upgrade to Fireware v12.3 or higher, policy-based routing without failover is converted to an SD-WAN action with a single interface. Policy-based routing with failover is converted to an SD-WAN action with multiple interfaces. In Policy Manager, the policy-based routing setting is still available for backwards compatibility with older Fireware OS versions. For more information about policy-based routing, see Configure Policy-Based Routing in Fireware v12.2.1 or lower in the WatchGuard Knowledge Base.

See Also

About SD-WAN

Interpret SD-WAN Monitoring Data

SD-WAN Status and Manual Failback (Web UI)

Interface Information and SD-WAN Monitoring

SD-WAN Monitoring, Status, and Manual Failback (Firebox System Manager)

SD-WAN Failover from an MPLS Link to a BOVPN Virtual Interface Tunnel

About Link Monitor