Skip to main content
S
sweetkev
New Member
April 28, 2026
Question

Fortigate SDWAN load balancing with 2 fiber circuits and 1 cellular backup

  • April 28, 2026
  • 2 replies
  • 65 views

Hi all, have an HA pair of 120G devices running 7.2.13 that use SDWAN to load balance internet traffic between two different fiber circuits.  I recently added a cellular backup circuit, but because the cellular bandwidth is relatively low and it’s a metered connection I don’t want to add this to the same SDWAN group/rule as the 2 load-balanced fiber circuits (OutboundWAN_loadbalance).  I ended up creating a new SDWAN group (5G_Failover) and all/all rule for the cellular circuit and placed it in the lowest priority position - my objective being that if both fiber circuits go down, traffic will be routed through the cellular backup automatically.  Will this work the way I think it will?  Hoping to get some insight from someone who has set up something similar before I test this.  See screenshot for clarity.

 

 

    2 replies

    funkylicious
    SuperUser
    funkylicious
    SuperUser
    April 28, 2026

    at first glance it should work as intended as long as the performace sla fails on both links.

    i assume that you also have a route in RIB for the 5G connection, a total of 3 default routes.

    "jack of all trades, master of none"
      ezhupa
      Staff
      ezhupa
      Staff
      April 28, 2026

      Hello sweetkev,

      The Performance SLA that you have configured “MeasureAllCircuits”, does it have Update Route enabled?
      If so, when the SLA fails for the WAN1 and WAN2, normally the only available route would be through the other WAN4 (5G one). 
      In that case the route lookup will push the traffic through the 5G interface, so WAN4, and the rule 4 5G_Failover will match.  This is assuming the 3 WANs are in the same SDWAN Zone and there is a default route through that SDWAN Zone configured.

      Hope this helps!

        S
        sweetkevAuthor
        New Member
        April 28, 2026

        Thanks, good catch.  I created a new SDWAN group for the 5G, which was a mistake since my default route is pointing to the SDWAN group with the two fiber circuits.

        I do have “Update route” enabled on that SLA.

        Thanks again!

        ezhupa
        Staff
        ezhupa
        Staff
        April 28, 2026

        You are welcome :)
        If you put them on the same zone, then you should be safe and the setup should work as expected.
        Make sure to check the routing table to see if you have a default route through the 5G line as well.
        To be 100% sure, in a maintenance window or during off business hours you can simulate an outage on the 2 fiber links and see if the route through 5G is active, SDWAN rule through 5G link is being hit and if a test user can access resources in the internet.

          Terms & ConditionsAccessibility statement