Created on 10-25-2023 02:35 AM
Edited on 10-25-2023 02:48 AM
By Jean-Philippe_P
Description | This article describes how to handle scenarios where the FortiGate SD-WAN member interfaces are up but there is no connectivity to the ISP, causing network issues. |
Scope | All versions of FortiOS with SD-WAN configured. |
Solution |
Once SD-WAN is enabled on FortiGate, traffic is routed based on the ECMP rule (the implicit default policy). More information about ECMP (equal-cost multi-path) can be found in the following link: Equal cost multi-path.
Performance SLAs are used to measure the health of SD-WAN members. By default, there are six predefined performance SLA profiles available on FortiGate devices. It is important to use an SLA profile (default or new) with the 'Update static route' option enabled. If the ISP becomes unreachable, the static route is removed from the routing table and traffic is re-routed to the other SD-WAN member.
On the FortiGate dashboard, go to Network -> SD-WAN -> Performance SLAs and select one of the default performance SLAs.
By default, there is no SD-WAN member selected. Either select members manually or select All SD-WAN Members. Remember to enable the 'Update static route' action.
After this change, the static route will be updated any time there are connectivity issues with the ISP.
Related article: Technical Note: Routing Change and Session Fail-over with SD-WAN |
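The same settings can be checked offline in a configuration backup. The script below is an added example, not Fortinet code: it flags performance SLA profiles that have no members or have the static route update turned off. The profile names and sample text are constructed, and it assumes the backup follows the `config system sdwan` / `config health-check` CLI layout and that a missing `update-static-route` line means the default (enabled) applies.

```python
# Constructed sample shaped like `show system sdwan` output (not from a real device).
SAMPLE = """config system sdwan
    config health-check
        edit "SLA_All"
            set server "192.0.2.1"
            set members 0
        next
        edit "SLA_NoMembers"
            set server "192.0.2.2"
        next
        edit "SLA_NoRouteUpdate"
            set update-static-route disable
            set members 1
            config sla
                edit 1
                next
            end
        next
    end
end
"""

def audit_health_checks(text):
    """Map each performance SLA that cannot trigger failover to its issues."""
    findings, depth, hc_depth, name, cfg = {}, 0, None, None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            depth += 1
            if line == "config health-check":
                hc_depth = depth
        elif line == "end":
            if depth == hc_depth:
                hc_depth = None
            depth -= 1
        elif depth != hc_depth:
            continue  # outside health-check, or in a nested block such as "config sla"
        elif line.startswith("edit "):
            name, cfg = line[5:].strip('"'), {}
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            cfg[key] = value
        elif line == "next":
            issues = []
            if "members" not in cfg:
                issues.append("no SD-WAN members selected")
            if cfg.get("update-static-route") == "disable":  # absent = default (assumption)
                issues.append("update-static-route disabled")
            if issues:
                findings[name] = issues
    return findings
```

Calling `audit_health_checks(SAMPLE)` reports the second and third profiles and leaves `SLA_All` unflagged.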