
Dynamic Path Selection in Fortinet SD-WAN

Ensure the best WAN path for every application with dynamic SD-WAN routing.


OK, this is Sanjay Seth — yup, the very same nerdy network admin from 1993 (before most of you were even born, I suspect). As I type this out, I’m high on my third cup of coffee and buzzing from DefCon’s hardware hacking village — talk about eye-opening stuff! But enough talk. Today, I want to take you behind the scenes of dynamic path selection in Fortinet SD-WAN technology: tech I’ve been slinging in the trenches (and, real talk, probably one of the most beautiful weapons for modern network performance and security).

If you’ve ever administered WAN links or struggled with routing problems, you know how critical it is to choose a path—not just any path—on which to dump your packet.

Here’s the deal: When I assisted three large banks with upgrading their zero-trust architecture more recently, it exposed a common challenge – selection of the best path, given a set of network conditions. Fortinet’s SD-WAN nailed it.

Path Monitoring

Dynamic path selection begins by monitoring all of the paths on your network rather closely — think of it as having a personal network health inspector for each and every road your traffic could drive down.

I remember the early days — we would monitor infrastructure using ancient SNMP tools and pray that they would alert us to issues before all hell broke loose. Now, with Fortinet, path monitoring is built in, continuously checking performance:

  • Latency (where is the car, how fast is it moving)
  • Jitter (body shakes, jumps and bumps in the road)
  • Packet loss (the embarrassing pothole where your data drops in and nothing comes back out)

This isn’t guesswork. These KPIs are thoroughly monitored in real-time by Fortinet.

And that’s a good thing because WAN conditions do not remain static. For the same reason a highway can be wide open at 8 AM but jammed at 5 PM, your WAN links are a moving target, and especially so if you’re using broadband or LTE links in combination with MPLS.

SLA-Based Routing

One of my personal favorites – and yes, I do tend to get a bit geeky here – would be SLA-based routing.

When PJ Networks sets up a Fortinet SD-WAN system for a client (a bank among others), it sets strict thresholds — known as SLAs (Service Level Agreements). Here’s what we monitor:

  • Maximum allowable latency
  • Packet loss percentage
  • Jitter thresholds

If anything doesn’t meet those standards, Fortinet diverts traffic automatically — end of discussion. It’s the equivalent of asking your GPS to avoid routes where traffic is delayed by more than 5 minutes.

This kind of policy tuning is critical — otherwise you’re rolling the dice with your critical traffic. Imagine making a sensitive bank transaction over a dubious link simply because it was set as default! No thanks.

Health Checks

But wait, there’s more.

Fortinet SD-WAN goes much more in depth with its health checks than just a standard ping or traceroute. These probes are application-level, too, and verify the service at the other end is reachable and answering.

Here’s the deal — when I first got into networking, if a link was up, that was good enough. That’s not good enough anymore.

As part of PJ Networks’ 24×7 monitoring, we customize these health checks to our clients’ critical apps. For banks, it could be checking for database response times, or the health of the API — because the green light on the router does not mean your app is functioning.

Failover

Failover isn’t just a buzzword. It’s the safety net that separates the good from the pro.

And if one of those WAN links goes belly-up, thanks to Fortinet’s SD-WAN, your traffic is automatically and instantly rerouted over healthier links—without requiring a response from you. I compare this to the driver who immediately swerves onto the shoulder to avoid debris. Fast, continuous and largely imperceptible to users.

I’ll acknowledge that in the early 2000s I was on a number of networks where failover took minutes — or, worse, manual intervention. And when you’re backing zero-trust architectures — like we have recently for those banks — every millisecond matters.

What’s clever about Fortinet here is that it’s taking it a step further and combining path monitoring and SLAs in order to trigger failover only when it needs to happen — and not too early or too late.
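To make the "not too early, not too late" idea concrete, here is an added illustration (not Fortinet's implementation and not code from the original post): a small Python model that scores each probe window against latency, jitter and loss thresholds and changes a link's state only after consecutive failing or passing windows. The threshold values, the `fail_after`/`recover_after` counts, the link names and the probe samples are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean

@dataclass(frozen=True)
class Sla:                       # hypothetical thresholds, not vendor defaults
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float

def measure(window):
    """Summarise one probe window of RTTs in ms; None marks a lost probe."""
    got = [r for r in window if r is not None]
    loss = 100.0 * (len(window) - len(got)) / len(window)
    if not got:
        return float("inf"), float("inf"), loss
    jitter = mean(abs(a - b) for a, b in zip(got, got[1:])) if len(got) > 1 else 0.0
    return mean(got), jitter, loss

def meets(sla, window):
    lat, jit, loss = measure(window)
    return lat <= sla.max_latency_ms and jit <= sla.max_jitter_ms and loss <= sla.max_loss_pct

class PathSelector:
    """Links are listed in preference order; state flips only after a streak."""
    def __init__(self, links, sla, fail_after=2, recover_after=3):
        self.links, self.sla = links, sla
        self.fail_after, self.recover_after = fail_after, recover_after
        self.healthy = {link: True for link in links}
        self.streak = {link: 0 for link in links}

    def update(self, windows):
        for link in self.links:
            ok = meets(self.sla, windows[link])
            if ok == self.healthy[link]:
                self.streak[link] = 0          # result agrees with state: reset
                continue
            self.streak[link] += 1
            need = self.recover_after if ok else self.fail_after
            if self.streak[link] >= need:
                self.healthy[link], self.streak[link] = ok, 0
        return next((l for l in self.links if self.healthy[l]), None)

# Constructed probe windows (ms); not measurements from any real network.
GOOD, BAD, LTE = [20, 22, 21, 20, 21], [20, None, 180, 25, None], [45, 50, 48, 47, 49]

def replay():
    sel = PathSelector(["mpls", "lte"], Sla(100, 30, 2))
    mpls = [GOOD, BAD, GOOD, BAD, BAD, GOOD, GOOD, GOOD]
    return [sel.update({"mpls": w, "lte": LTE}) for w in mpls]
```

In the replay, a single bad window on the preferred link is ignored, two in a row trigger failover to the backup, and traffic returns only after three clean windows, which avoids flapping between links.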

Policy Tuning

This is where the real story begins — and this is where you’d see me rapidly veer into diatribes about password policies (another time, I promise).

Dynamic path selection is about more than just taking the fastest or healthiest path. It’s about business priorities. With Fortinet SD-WAN you can create policies based on:

  • User identity
  • Application type
  • Security posture
  • Time of day (yes, really)

For example, on a bank’s network:

  • Critical applications, such as payment processing, get the highest priority and the lowest-latency paths.
  • Less important traffic — like email or internal chats — can take slower or higher latency connections.

And PJ Networks ensures that these policies aren’t one-and-done. We are constantly watching and tuning, because networks change just like traffic moves around the real world roads.

Seriously, skipping the fine-tuning of your policies is like buying a Lamborghini and never changing the oil. Sure, it runs—but not optimally.

PJ Networks Support

Now, I would be doing a disservice if I didn’t mention that PJ Networks doesn’t just deploy these technologies and stop there.

We provide 24×7 monitoring and policy tuning. For Fortinet SD-WAN dynamic path selection, this translates to:

  • Constantly validating SLAs
  • Adapting thresholds as applications and threats change over time
  • Being primed to jump on unplanned outages (yep, much like I did during Slammer worm madness back in the day)

You can’t throw the baby (performance) out with the bath water (security). PJ Networks’ method means our clients’ SD-WAN is licensed to run, and stays secure. What’s the use of quick routes if they end up inside a security hole, after all? No thanks.

Quick Take

  • Dynamic path selection: Fortinet SD-WAN optimizes network traffic by choosing the best path for the traffic to reach its destination – not just the closest path.
  • Path monitoring continuously measures latency, jitter and packet loss in real time — kind of like a health check for your data highway.
  • Strict SLA-based routing keeps traffic off the wrong path. PJ Networks establishes these SLAs according to actual business requirements.
  • Health checks go beyond basic link status and assess app-level availability.
  • Failover happens automatically, and the switch to a backup link is largely imperceptible to users.
  • Policy Tuning – Personalize the way you choose paths so it makes the most sense for your business!
  • PJ Networks offers ongoing management, tuning and monitoring, so your SD-WAN continues to perform and deliver secure services.

Final Thoughts

I’ll admit — in the era when I startd (yes, typo, ssssh) networking, we didn’t have slick tech like that. If our mux didn’t even crash it was like a lottery. Slammer worm? I experienced that first hand, I was scrambling to get our voice and data mux up over PSTN.

Your network needs to be flexible, secure, and intelligent in today’s world. Dynamic path selection in SD-WAN is not just some glittery buzzword for Fortinet, it’s business. And if your cybersecurity consultant (ahem — me) isn’t pushing you on it, well, maybe you need a second opinion.

It’s my stubborn opinion — no one will be happy to hear this — that we’re leaning too heavily on AI-powered this and that without quite enough experience. Fortinet’s strategy is simple, yet cunning. It responds to actual metrics, not simply to hype.

If you want to discuss further implementation or need some assistance with fine-tuning your WAN policies, PJ Networks has been in the rodeo since the 90s and is still eager to jump in – shoot me a line if you’d like to discuss.

But for now — time to drink my fourth coffee.

Sanjay Seth
P J Networks Pvt Ltd
I am a cybersecurity consultant from the dial-up and modems era
