To configure SD-WAN in the CLI:
- Configure the wan1 and wan2 interfaces:
- config system interface
- edit “wan1”
- set alias to_ISP1
- set mode dhcp
- set distance 10
- next
- edit “wan2”
- set alias to_ISP2
- set ip 10.100.20.1 255.255.255.0
- next
- end
- Enable SD-WAN and add the interfaces as members:
- config system virtual-wan-link
- set status enable
- config members
- edit 1
- set interface “wan1”
- next
- edit 2
- set interface “wan2”
- set gateway 10.100.20.2
- next
- edit 1
- end
- end
- config system virtual-wan-link
- Create a static route for SD-WAN:
- config router static
- edit 1
- set virtual-wan-link enable
- next
- edit 1
- end
- config router static
- Select the implicit SD-WAN algorithm:
- config system virtual-wan-link
- set load-balance-mode {source-ip-based | weight-based | source-dest-ip-based | measured-volume-based}
- end
- config system virtual-wan-link
- Create a firewall policy for SD-WAN:
- config firewall policy
- edit <policy_id>
- set name <policy_name>
- set srcintf internal
- set dstintf virtual-wan-link
- set srcaddr all
- set dstaddr all
- set action accept
- set schedule always
- set service ALL
- set utm-status enable
- set ssl-ssh-profile <profile_name>
- set av-profile <profile_name>
- set webfilter-profile <profile_name>
- set dnsfilter-profile <profile_name>
- set application-list <app_list>
- set logtraffic all
- set nat enable
- set status enable
- next
- edit <policy_id>
- end
- config firewall policy
- Configure a performance SLA:
- config system virtual-wan-link
- config health-check
- edit “server”
- set server “208.91.112.53”
- set update-static-route enable
- set members 1 2
- next
- edit “server”
- end
- config health-check
- end
- config system virtual-wan-link
Results
To view the routing table in the CLI:
# get router info routing-table all
To diagnose the Performance SLA status:
# diagnose sys virtual-wan-link health-check