Fortinet SD-WAN rules are used to match and steer traffic to the preferred SD-WAN member(s). The matching criteria are configured within the rule and can be based on standard network information as well as advanced application-aware parameters. The key available criteria include:

Source and Destination IP addresses: Standard Layer 3 identifiers for traffic matching.

Internet Service Database (ISDB): Allows matching traffic destined for well-known cloud applications and internet services (e.g., Microsoft 365, Google Services) without needing to manually maintain IP address lists.

Application Signatures: Utilizes Fortinet's Application Control database to identify and match traffic based on specific application signatures (e.g., Skype, Zoom, SAP).

These three criteria provide granular control for routing traffic based on its source, destination, and application type.

A. Type of physical link connection: This is a property of an SD-WAN member (the outgoing interface), not a criterion used to match incoming traffic within an SD-WAN rule.

D. URL categories: URL categories are part of a Web Filter security profile, which is applied within a firewall policy, not used as a direct matching criterion in an SD-WAN rule.

1. FortiOS 7.0.1 Administration Guide: In the "SD-WAN" chapter, the section on "SD-WAN rules" details the configuration options. The GUI and CLI descriptions for creating a rule explicitly show fields for Source, Destination, and Application. The Destination field includes options for Address and Internet Service. The Application field allows for selecting specific application signatures. (See section: SD-WAN > SD-WAN rules).

2. FortiOS 7.0.0 SD-WAN Deployment Guide: This guide provides examples of SD-WAN rule configuration. In the "Configuring SD-WAN rules for steering traffic" section, it demonstrates creating rules using Internet Service objects, Application Control signatures, and standard source/destination Address objects as the primary matching criteria. (See section: Use Cases > Office 365).