Skip to main content
lebensaluder
lebensaluder
New Member
August 6, 2025
Solved

SD-WAN not generating default gateways for all links

  • August 6, 2025
  • 1 reply
  • 1487 views

Hi everyone,

I'm currently configuring SD-WAN on a FortiGate device, and I’ve noticed that the default routes (0.0.0.0/0) are not being generated automatically for all WAN interfaces as expected.

I have four WAN links added as SD-WAN members, and SD-WAN is enabled. However, when I check the routing table, I only see two default routes. I was expecting FortiGate to automatically generate a default route per interface when SD-WAN is active.

Here’s what I’ve done so far:

  • Added all interfaces to the SD-WAN zone

  • Assigned gateways for each member (both working members are configured via DHCP)

  • Checked SD-WAN rules and performance SLA (removed them just for debugging)

  • Verified that all interfaces are up and reachable (adding a static route for my source IP, just to check ping over internet)

Still, the routing table doesn’t reflect all default gateways. I suspect I might be missing a step or perhaps some specific configuration is required to force the routes.

Has anyone faced this issue before? Should I manually add static default routes, or is there something else I should configure to make FortiGate generate them automatically via SD-WAN?

Thanks in advance!

 

SDWAN definition

config system sdwan
set status enable
set load-balance-mode measured-volume-based
config zone
edit "virtual-wan-link"
next
end
config members
edit 1
set interface "ha1"
next
edit 2
set interface "wan2"
set gateway 200.XXX.XXX.XXX #This is not working
next
edit 4
set interface "dmz"
next
edit 5
set interface "npu0_vlink1"
set gateway 200.XXX.XXX.XXX #This is not working
next
end
end

Route List

get router info routing-table all

Routing table for VRF=0
S* 0.0.0.0/0 [5/0] via 186.XXX.XXX.XXX, dmz, [1/0]
[5/0] via 200.XXX.XXX.XXX, ppp3, [1/0]

Members status

diagnose sys sdwan member

Member(1): interface: ha1(ppp3), flags=0x0 , gateway: 200.51.241.1, priority: 1 1024, weight: 0
Config volume ratio: 1, last reading: 120006119865B, overload volume 24733MB
Member(2): interface: wan2, flags=0x0 , gateway: 200.85.183.173, priority: 1 1024, weight: 25
Config volume ratio: 1, last reading: 27051273B, volume room 25MB
Member(4): interface: dmz, flags=0x0 , gateway: 186.139.244.1, priority: 1 1024, weight: 0
Config volume ratio: 1, last reading: 225877796055B, overload volume 27920MB
Member(5): interface: npu0_vlink1, flags=0x0 , gateway: 200.5.96.209, priority: 1 1024, weight: 25
Config volume ratio: 1, last reading: 3489802572214B, volume room 25MB

 

Best answer by Toshi_Esumi

Static route's default distance is 10. That's why those won't show up in RIB.
Either change the static route's distance to 5 or those dynamic interfaces' distance to 10.

Toshi

1 reply

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
August 6, 2025

So you're saying you have only 2 default routes instead of 4? At least the second one via 200.xxx.xxx.xxx is PPPoE instead of DHCP since the virtual interface name is "ppp3". Are you sure the other two are DHCP?
If dynamic, make sure interface's "distance" is not changed from the default 5. If higher, it wouldn't make it to RIB.

Toshi

lebensaluder
lebensaluderAuthor
New Member
August 6, 2025

Sorry, I mean Dynamic not DHCP.

One interface is DHCP, the other is PPP, as you said, both dynamics are working, both statics aren't.

We have 4 wan links, all healthy, but only 2 gateways are present on the routes list. (casually both dynamics, or not, I don't figure out yet)

Toshi_Esumi
SuperUser
Toshi_EsumiAnswer
SuperUser
August 6, 2025

Static route's default distance is 10. That's why those won't show up in RIB.
Either change the static route's distance to 5 or those dynamic interfaces' distance to 10.

Toshi

Terms & ConditionsAccessibility statement