New Member

Question

SD-Wan / Load Balancing

Forum|Forum|7 years ago
January 24, 2019
2 replies
19113 views

I have a Fortinet 60D firewall running 6.0.4 firmware. I just added a second ADSL line to the firewall on WAN 2. I currently have a ADSL line on WAN 1. Both ADSL lines have static ip's and the speed is equal on both links. Currently I have get 25mbs down and 2mbs up. I followed the white paper that Fortinet put out reference to SDWAN and configured my firewall the same. In the criteria section I selected volume and gave wan 1 50 percent and wan 2 50 percent to total a 100 percent. From there I configured the policies to use the SDWAN interface.

I have been monitoring both WAN interfaces in the Fortinet dashboard and what I have been noticing is that WAN 1 will have about 20mbs of usage and WAN 2 will be around 1.58kps and this will stay like this for an hour or so and then WAN 2 will have about 20mbs and WAN 1 will be around a couple kps. I was looking at the logs and it doesn't seem that either of my WAN connections are dropping.

I am trying to load balance between both of these WAN connections but it seems not to be working correctly. Is there something I am missing or need to change in my configuration or does Fortinet firewalls don't load balance good.

Thank you in advance

Sincerely,

Richard

Dave_Hall

New Member

Load-balancing in later firmwares suppose to be a lot better than say 5.0.x and under. But I understand load-balancing is still a session-based affair. I don't think there is any way in predetermination as to how much traffic will be transferred over an established tcp (eg. port 80) connection, say downloading large iso files vs someone browsing a website.

That said, I am going to assume that volume-based load-balancing should eventually even out over a longer stretch of time. For better accuracy you will want to set the ingress/outgress values of both WAN interfaces so the fgt will know what the bandwidth limits to expect. And I would check the routing distance on both WAN connections to confirm they are equal.

rpozywakAuthor

New Member

Thanks Dave - I have set bandwidth ingress and outgress for WAN connections and the distance for each connection is set 1. Yesterday I was monitoring that connection periodically and noticed that it would be maxed out at 25mbs and the other wan connection would be sitting at 100kps. and they would flip back and forth which makes no sense at all. I am thinking to change the settings to session base to see if that helps. If it doesn't I might have to invest in an SDWAN product which I am trying to avoid.

Richard

rpozywakAuthor

New Member

Thank you all for your post. I am running 6.0.4 and looking at the configure that was posted and compared it to my and it appears that I needed to set enable under the config system virtual-wan-link and the system started to work like it should.

Thank you for all of your help.

Richard

rpozywakAuthor

New Member

Were are you seeing in the system where the PPPOE daemon freezing. I am still having problems with the system load balancing it's goes over one or the other.

alex_buric

New Member

I have another problem with SD-WAN on Fortigate 60D (6.0.6)

Two WAN link:

WAN1 - Fiber with static IP

WAN2 - ADSL

I have added both WAN's in SD-WAN and done static route 0.0.0.0/0.0.0.0 to SD-WAN

After that I see two defaul route in routing table:

Routing table for VRF=0
S* 0.0.0.0/0 [1/0] via 193.200.32.2, ppp1
                   [1/0] via 31.128.69.193, wan2

After few seconds (15-20) default route with ADSL link dissaped

Routing table for VRF=0
S* 0.0.0.0/0 [1/0] via 31.128.69.193, wan2

Does anyone have such problem?

ede_pfau

New Member

Please don't cross post! You only repell people willing to help -

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded