To determine the type of policy route, we must interpret the specific flags and fields visible in the diagnose firewall proute list (or similar kernel table) output provided in the exhibit
Identify Key Indicators:
The most critical field in the output is vwl_service=1(test123).
It also lists vwl_mbr_seq=1 5.
Decode the Terminology:
vwl: This stands for Virtual WAN Link. In FortiOS, "Virtual WAN Link" is the legacy internal name for the SD-WAN feature. Even in newer firmware versions (7.x), the kernel and CLI debugs often still refer to SD-WAN objects as vwl.
vwl_service: This specifically refers to an SD-WAN Rule (also known as an SD-WAN Service). The name (test123) is the name given to that specific SD-WAN rule by the administrator.
Evaluate the Options:
A & D (Regular Policy Route): Standard policy routes (configured under config router policy) do not carry the vwl_service tag. They are typically identified by simple gateway or interface instructions without the SD-WAN service abstraction.
B (ISDB Route): While SD-WAN rules can use the Internet Service Database (ISDB) as a destination, the structure of the route entry shown here—specifically defined by a vwl_service ID—classifies it fundamentally as an SD-WAN rule, regardless of the destination object.
C (An SD-WAN rule): The presence of vwl_service and vwl_mbr_seq (SD-WAN member sequence) definitively identifies this entry as a rule generated by the SD-WAN subsystem.
Conclusion: The output shows a route controlled by the SD-WAN engine (vwl), confirming it is an SD-WAN rule.
[Reference:, FortiGate Security 7.6 Study Guide (SD-WAN): "In the kernel routing table and debugs, SD-WAN rules are often referenced as vwl (Virtual WAN Link) services. The vwl_service field indicates the specific SD-WAN rule ID and name.", , ]