Skip to main content
rcarreras
rcarreras
New Member
April 11, 2018
Question

SD WAN enters in conservative mode for too much traffic

  • April 11, 2018
  • 2 replies
  • 10695 views

Hello,

 

I have a Fortigate 200E with 3 WAN Links grouped in SD WAN virtual interface. Firewall is running FortiOS 5.6.3. The firewall is used for wifi internet access.

 

Today the firewall has dropped SD WAN links with this message : 

 

The member(6) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

The member(3) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

The member(4) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

 

After few minutes the SD WAN link has recovered and working fine again.

 

The firewall is ok with RAM and CPU resources, almost always below 20%, only App control is used ( No Antivirus, Web filtering, IPS, ... )

 

We have between 10000 and 50000 IP sessions shared over SD WAN interfaces. In order to minimize sessions in the firewall we use recursive DNS in internal firewall interfaces, so the clients does not open thousands of DNS sessions.

 

We have opened a support ticket , but waiting for reply.

 

Any idea with this issue? 

 

Best regards,

 

Ricard

 

 

 

    2 replies

    mahesh_secure
    mahesh_secure
    New Member
    April 12, 2018
    Hi Check any system is infected with botnet. This may create lot of session to internet. Regards Mahesh
    SMabille
    SMabille
    New Member
    April 23, 2018

    Hi,

     

    Did you open a ticket or got any explanation for this?

     

    Starting to experience same behavior on 6.0.0 on 60E in lab, very low sessions numbers (~500), no memory or CPU peak at all.

     

    Wondering if it's not an attempt/way to force balancing between the members based on volumes rules.

     

    Thanks,

    Stephane

    akileshc
    Staff
    akileshc
    Staff
    March 10, 2022

    Hello Ricard,

     

    This particular error would be observed when the SD_WAN member/interface has consumed all its allocated volumes (based on the measured-volume load balance algorithm) and to find other members to accept the new sessions(So, the system can keep the volume balanced).

     

    In your case, the SD_WAN member(6/3/4) consumed all its allocated volumes and enters into this represents an informative message about changing the wan link for the next sessions. Since this would work based on the predefined algorithm; we could overcome this scenario by identifying the maximum session initiating sources and creating specific SD_WAN rules with other members/interface, to make sure that the session would be load balanced between another SD_WAN member also.

     

    For more information please refer to the below link:
    http://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/SD-WAN/SD-WAN_load_balancing.htm

    Terms & ConditionsAccessibility statement