We’ve started rolling out SD-WAN setups at all our sites with redundant internet connections. Had a couple of them run into issues connecting to FortiGuard and had to contact support. Here is the CLI they ran.
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
    set sdns-server-ip "184.108.40.206"
    set interface-select-method sdwan
end
This disables the anycast settings, sets the port and protocol and configures FortiGuard to use the SD-WAN interface. What I found out later is that when you disable anycast, you also need to specify an SDNS server for the firewall to update all the security profiles from. The US server is 220.127.116.11.
You also need to update the FortiGate DNS servers to use the SD-WAN connection.
config system dns
    set primary 18.104.22.168
    set secondary 22.214.171.124
    set interface-select-method sdwan
end
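The pitfall described above (anycast disabled but no SDNS server set, or DNS still bound to the default interface rather than SD-WAN) is easy to catch before a site goes live by linting the relevant config sections. The following script is an added example and is not part of the original post or any Fortinet tooling: it parses the flat `config ... set ... end` output you would get from `show system fortiguard` and `show system dns`, then reports the combinations that break FortiGuard updates. The two config excerpts inside it are constructed samples (the "fixed" one mirrors the CLI above); the function names and the exact finding messages are the example's own.

```python
"""Lint FortiOS 'system fortiguard' / 'system dns' settings for the
FortiGuard-over-SD-WAN pitfalls discussed in the post.
Added example, not Fortinet's own tooling."""
import shlex

# Constructed sample: what a site looked like before support fixed it.
# Anycast is disabled but no sdns-server-ip is set, and DNS is not
# bound to the SD-WAN interface.
BROKEN_CONFIG = """
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
    set interface-select-method sdwan
end
config system dns
    set primary 18.104.22.168
    set secondary 22.214.171.124
end
"""

# Constructed sample mirroring the CLI from the post after the fix.
FIXED_CONFIG = """
config system fortiguard
    set fortiguard-anycast disable
    set protocol udp
    set port 53
    set sdns-server-ip "184.108.40.206"
    set interface-select-method sdwan
end
config system dns
    set primary 18.104.22.168
    set secondary 22.214.171.124
    set interface-select-method sdwan
end
"""


def parse_fortios(text):
    """Parse flat 'config <section> ... set <key> <value...> ... end' blocks
    into {section: {key: value}}. One nesting level only (no 'edit'
    sub-tables), which is all these two sections need."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # strips the quotes around "x.x.x.x"
        if tokens[0] == "config":
            current = " ".join(tokens[1:])
            sections.setdefault(current, {})
        elif tokens[0] == "set" and current is not None:
            key, *values = tokens[1:]
            sections[current][key] = " ".join(values)
        elif tokens[0] == "end":
            current = None
    return sections


def check_fortiguard_sdwan(sections):
    """Return a list of findings; an empty list means the config passes."""
    findings = []
    fg = sections.get("system fortiguard", {})
    dns = sections.get("system dns", {})

    # Disabling anycast without an SDNS server leaves the unit with no
    # source for security-profile updates.
    if fg.get("fortiguard-anycast") == "disable" and not fg.get("sdns-server-ip"):
        findings.append("system fortiguard: anycast disabled but sdns-server-ip not set")

    # Both FortiGuard and DNS must egress via the SD-WAN interface, or
    # they fall back to whatever the default route picks.
    if fg.get("interface-select-method") != "sdwan":
        findings.append("system fortiguard: interface-select-method is not sdwan")
    if dns.get("interface-select-method") != "sdwan":
        findings.append("system dns: interface-select-method is not sdwan")
    return findings


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_fortiguard_sdwan(parse_fortios(cfg)) or "OK")
```

Paste the real `show` output into the script (or read it from a file) in place of the constructed samples; the parser ignores blank and `#` lines, so a config backup excerpt works as-is.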