ialhusari93
Explorer
June 12, 2022
Solved

fortigate 100E sd-wan problem

Dears,

We have two ISP connections, wan1 and wan2, which are configured to use SD-WAN on a FortiGate 100E. We have noticed that there are internet issues with some applications, like AnyDesk connection timeouts and slowness, once SD-WAN is on. How can we troubleshoot this further? Everything becomes normal again once we turn off SD-WAN.

Regards,

3 replies

sjoshi
Staff
Best answer
June 12, 2022

Hi ialhusari93,

Thank you for posting to the Fortinet Community Forum.

As per your description, when you are using SDWAN you are facing issues with some applications, and they are timing out.

Please let me know the SDWAN rule you are using.
When you disabled SDWAN, did you check by sending the traffic through both interfaces, and was it working well from both interfaces or from a single interface?

Try enabling SDWAN, create a new rule using the manual method, send the traffic via one ISP, and check whether the issue remains the same.

Also make the following changes:

config system interface
edit <wan1>
set preserve-session-route en
end

 

config system interface
edit <wan2>
set preserve-session-route en
end

 

Let us know if this helps.

 

Thanks

Thanks, Salon
ialhusari93
Explorer
June 12, 2022

 

Dear,

"Please let me know the SDWAN rule you are using." I am using a manual rule as you suggested and sending the traffic through one ISP, and as long as SD-WAN is on, the slowness happens on some apps like AnyDesk. So to avoid this I have to disable one of the WAN interfaces.

"When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface." Without SD-WAN the traffic works fine from both WANs.

Can you explain more about the command set preserve-session-route en?

 

Thank you

sjoshi
Staff
June 12, 2022

Hi,

 

Please find the link for your reference regarding preserve-session-route

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/197976

 

Thanks

Thanks, Salon
Contributor
June 13, 2022

Hi ialhusari93,
Some applications do not allow their traffic to be load balanced, due to integrity.

The session must be maintained on the same ISP.
Example applications: Teams meetings, VoIP

This command:

config system interface
edit <wan1>
set preserve-session-route en
end


Should fix the issue.

Otherwise, please configure an SDWAN rule for this application to go out through 1 ISP only.


ialhusari93
Explorer
June 13, 2022

Dear Muhammad,

"configure SDWAN rule for this application to go out to 1 ISP only." I did this for my user as shown below, but that application is still slow and has delay. If I put this command, set preserve-session-route en, on my WAN interface, how can I disable it just in case it does not work?


zxc.JPG

Contributor
June 13, 2022

Hi ialhusari93,

Do you mind sharing the application that you configured for this source "Ibrahim"?

If you believe this is a FortiGate issue, can you test with your PC connected directly to WAN1?

There are some possibilities for this issue:
1. The static route is not sent to the SDWAN, but to your WAN1 and WAN2 individually.

2. The IPv4 policy is set to WAN1 and WAN2 individually. It should be set to the SDWAN interface.

3. Application dependencies are not included in the application list.

4. DNS issue. Change your PC DNS to 8.8.8.8 for troubleshooting.

5. ISP issue itself - try to connect directly.

6. etc

Let me know if you have any questions.

sw2090
SuperUser
June 13, 2022

You could look at your session table. You have probably run into issues similar to the ones I ran into. I had some sites that use encrypted session cookies which kept throwing people out again and again, because the SD-WAN kept changing the WAN interface even though the session still existed, and broke the encryption with that.

I finally had to except those with an SD-WAN rule that forces them to use a specific interface only.
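
One way to check for the interface switching described in the post above, as an added example that is not part of the original thread: it scans exported forward-traffic logs for the same client and destination leaving through more than one WAN interface. The sample lines are constructed, and the field names used (srcip, dstip, dstport, dstintf, transip) assume the FortiGate key=value traffic log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (not from the thread).
SAMPLE_LOG = '''\
date=2022-06-13 time=10:00:01 type="traffic" subtype="forward" srcip=192.168.1.50 dstip=198.51.100.20 dstport=443 dstintf="wan1" transip=203.0.113.10 sessionid=1001
date=2022-06-13 time=10:00:09 type="traffic" subtype="forward" srcip=192.168.1.50 dstip=198.51.100.20 dstport=443 dstintf="wan2" transip=192.0.2.77 sessionid=1002
date=2022-06-13 time=10:00:15 type="traffic" subtype="forward" srcip=192.168.1.51 dstip=198.51.100.30 dstport=443 dstintf="wan1" transip=203.0.113.10 sessionid=1003
date=2022-06-13 time=10:00:20 type="traffic" subtype="forward" srcip=192.168.1.51 dstip=198.51.100.30 dstport=443 dstintf="wan1" transip=203.0.113.10 sessionid=1004
'''

# key=value pairs; values are either quoted strings or runs of non-space characters
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def find_wan_flapping(log_text, wan_intfs=("wan1", "wan2")):
    """Return {(srcip, dstip, dstport): [(dstintf, transip), ...]} for flows
    (client, destination, port) that left through more than one WAN interface.
    The interface names in wan_intfs are assumptions taken from the question."""
    paths = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("dstintf") not in wan_intfs:
            continue
        key = (rec.get("srcip"), rec.get("dstip"), rec.get("dstport"))
        if None in key:
            continue  # incomplete record, cannot be attributed to a flow
        hop = (rec["dstintf"], rec.get("transip", ""))
        if hop not in paths[key]:
            paths[key].append(hop)  # keep hops in first-seen order
    # A flow is only interesting if it used at least two different interfaces.
    return {k: v for k, v in paths.items() if len({intf for intf, _ in v}) > 1}


if __name__ == "__main__":
    for (src, dst, port), hops in find_wan_flapping(SAMPLE_LOG).items():
        trail = " then ".join(f"{intf} (NAT {ip})" for intf, ip in hops)
        print(f"{src} -> {dst}:{port} used {trail}")
```

A flow reported here reached the same server from two different public source addresses, which is the condition that breaks applications binding a session to the client IP; those are the candidates for a manual SD-WAN rule pinned to one interface.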