Technical Tip: FortiGate default SD-WAN health check protocol change after upgrading from FortiOS v7.2.x to v7.4.4 or later
| Description | This article describes a change in behavior where the default FortiGate SD-WAN health check protocol changes from ping to HTTPS after upgrading from FortiOS v7.2.x to v7.4.4 or later, which may cause health check failures. The article also explains how to resolve this issue by creating a custom health check with the protocol set to ping and removing the member from the default health check before upgrading. |
| Scope | FortiGate. |
| Solution | After upgrading to FortiOS v7.4.4 or later, the health check protocol in the default SD-WAN health check configurations, such as 'Default_FortiGuard', 'Default_Google Search', and 'Default_Office_365', changes from ping to HTTPS. This behavior is due to a change introduced in FortiOS patch v7.4.4. There will be no impact on custom health checks.
The health check configuration on FortiOS v7.2.11 is as follows:
config health-check
After upgrading to FortiOS v7.4.11, the health check protocol changes to 'HTTPS'.
config health-check
Due to this behavior change, health check failures may be observed after upgrading. This applies to the default health check, and there will be no impact on custom health checks.
To upgrade without any impact, create a new custom health check with the protocol set to ping, remove the interface member from the default health checks 'Default_FortiGuard', 'Default_Google Search', and 'Default_Office_365', and then upgrade to the latest patch. |