Question
Load Balance over IPSec Tunnels within SDWAN
Hi Fellows,
Got a FortiGate in a very remote site with 2 x WANs over Starlink (3rd WAN over 4G but not in use at the moment) and 4 overlay IPsec tunnels. Wanted to load balance traffic over the IPsec tunnels. But it seems it does not work as expected and traffic is going through only the first tunnel TNL1_CWLD.
config system sdwan
    set status enable
    set load-balance-mode usage-based
    config zone
        edit "virtual-wan-link"
        next
        edit "To_CloudWorkLoad"
        next
        edit "Internet"
        next
    end
    config members
        edit 1
            set interface "wan1"
            set zone "Internet"
        next
        edit 2
            set interface "wan2"
            set zone "Internet"
        next
        edit 3
            set interface "TNL1_CWLD"
            set zone "SDWAN_CloudWorkLoad"
        next
        edit 4
            set interface "TNL2_CWLD"
            set zone "To_CloudWorkLoad"
        next
        edit 5
            set interface "TNL3_CWLD"
            set zone "To_CloudWorkLoad"
        next
        edit 6
            set interface "TNL4_CWLD"
            set zone "To_CloudWorkLoad"
        next
    end
    config health-check
        edit "SLA"
            set server "1.0.0.1" "8.8.4.4"
            set failtime 3
            set recoverytime 20
            set members 3 4 5 6
            config sla
                edit 1
                    set link-cost-factor latency packet-loss
                    set latency-threshold 85
                    set packetloss-threshold 10
                next
            end
        next
    end
    config service
        edit 1
            set name "To_CWLD"
            set mode load-balance
            set dst "all"
            set priority-members 3 4 5 6
        next
    end
end
Any hint what I am missing?
