Liza1
Explorer II
January 15, 2026
Question

How to Correctly Write SD-WAN Settings


Hello, I need your help.

Briefly, I have the following problem. I have two WAN links, WAN1 and WAN2. Both of them are added as SD-WAN members. They do not have costs configured, but they do have priorities set: WAN1 has priority 1, and WAN2 has priority 3.

Today, the following issue occurred: when WAN1 was unable to resolve various websites and DNS, the traffic did not switch to the required provider. The main problem is that the system must switch to the secondary provider when the primary provider is not working, and when the primary provider becomes healthy again, it should automatically switch back.

How can this be configured?
Please help me resolve this issue.

FortiGate 

3 replies

brandonziots
Explorer
January 16, 2026

Do you have a health check configured and applied to your SD-WAN rules? If a health check is not configured, the SD-WAN rule will not fail over to the next member unless the WAN interface itself is physically or administratively down.
For more info, see: https://docs.fortinet.com/document/fortigate/7.6.5/administration-guide/867342/performance-sla-overview

joshbergm
Explorer
January 16, 2026

Make sure to use SD-WAN SLA rules and apply them to your SD-WAN Policies.

Also enable snat-route-change and auxiliary-sessions on your FortiGate.

snat-route-change allows NAT sessions to exit through the "Active" WAN interface.

auxiliary-sessions allow the FortiGate to offload the sessions to the NPU.

GauravPandya
Explorer
January 16, 2026

Hi,

I am assuming you are running version 7.4.x.

1. Configure a performance SLA with the ping or HTTPS protocol.

e.g. protocol - ping, server - google.com

2. Create an SD-WAN rule, map the required SLA target, and select "Lowest Cost" as the interface selection strategy.


If your interfaces meet the SLA performance criteria, then it will load balance. If one of the interfaces fails the SLA performance criteria, then traffic will be diverted to another interface.
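
The health check and "Lowest Cost" rule described in the replies above, written as FortiOS 7.4 CLI. This is an added example, not part of any reply on this page. Assumptions: WAN1 and WAN2 are SD-WAN members with sequence numbers 1 and 2, and the names `HC_Internet` and `Internet_Failover`, the probe server, the timers and the thresholds are placeholders to adapt.

```fortios
config system sdwan
    set status enable
    config health-check
        # Assumed name; probes run out of both members independently
        edit "HC_Internet"
            # Assumed probe target; pick one reachable through both providers
            set server "8.8.8.8"
            set protocol ping
            # Probe every 500 ms; 5 lost probes mark the member dead,
            # 5 good probes bring it back (assumed values)
            set interval 500
            set failtime 5
            set recoverytime 5
            set members 1 2
            config sla
                edit 1
                    # Assumed thresholds for the SLA target
                    set link-cost-factor latency packet-loss
                    set latency-threshold 200
                    set packetloss-threshold 5
                next
            end
        next
    end
    config service
        edit 1
            set name "Internet_Failover"
            # "mode sla" is the CLI form of the GUI "Lowest Cost (SLA)" strategy
            set mode sla
            set dst "all"
            set src "all"
            config sla
                edit "HC_Internet"
                    set id 1
                next
            end
            # Member 1 (WAN1) is preferred while it meets the SLA;
            # member 2 (WAN2) takes over when it does not
            set priority-members 1 2
        next
    end
end
```

With no costs set on the members, the order in `priority-members` decides which in-SLA member is used, so traffic returns to WAN1 once its probes meet the SLA again.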