This is great. The only improvement I see is to set up the actual outgoing Destination in the Firewall policy rather than just selecting "ALL". This is a best practice so that the SD-WAN service is only dedicated to that one remote network. If you have two or three, then maybe selecting ALL makes more sense. Right?
I am not too sure I fully understand your point. Here is a pointer: if the traffic is destined for the internet, selecting all as the destination is best, since you don't want to create different policies for traffic going to Teams, Zoom, Facebook, Outlook, etc. But if the destination is local, then selecting a single remote network is best practice.
@victorjames6242 You can balance the traffic across both links; you can select both outgoing interfaces as your interface preferences. The short answer is YES, you can use both links simultaneously.
Can you add a new ISP to WAN2 while users are currently using WAN1 for internet access? Will active users notice anything if I create an SD-WAN while they are using WAN1? WAN2 is new and nobody is using it yet.
@619Hiker You can add a new ISP to WAN 2 without losing WAN internet access, as long as the Administrative Distance on WAN 1 is not higher than WAN 2. It should continue to work.
When NAT is enabled on a policy, you are stating that you need the private IP translated to the public and vice versa. This is mostly used when you intend for that policy to go to the internet. If the traffic is going to the LAN or VLANs only, there is no need to enable the NAT option on the policy.