Skip to main content
Leeos
Leeos
New Member
November 6, 2019
Solved

SD-WAN Status check problem.

  • November 6, 2019
  • 1 reply
  • 11470 views

Hi,

 

FortiGate 200D - FortiOS v5.6.11 build1700 (GA). 5 wan connections.   Every 1-2 days some connections status changed to down. But the connections are up! If I change the detect server its OK.     After 1-2 days down again! change the detect server all OK. Example: Used 8.8.8.8 - OK, when down change to 8.8.4.4 - OK, when down back to 8.8.8.8, then 8.8.4.4 and so on... I tried few others Ip addresses as detect server same result.  Any idea?   Thanks, Lior. 
    Best answer by sw2090

    The other thread btw is here: https://forum.fortinet.com/tm.aspx?m=178607&tree=true

     

    I just received the info from TAC that their internal management has escalated that bugfix to be backported to 5.6.

    There is not yet any confirmation if it will be. TAC will keep me informed.

     

    What I can confirm (since I hard tested that today with a test FGT here) is that the bug is fixed in 6.0.6.

    1 reply

    Fullmoon
    Fullmoon
    New Member
    November 6, 2019

    how about upgrading the FGT 200D version to 6.0.5 or 6.0.6 and monitor its behavior.

    Leeos
    LeeosAuthor
    New Member
    November 6, 2019

     

    I like too, but its say, No Valid Upgrade path...

    I do not want to loose configuration. 

    sw2090
    SuperUser
    sw2090
    SuperUser
    November 6, 2019

    two things:

     

    1. what you describe is a known bug in 5.6.11 of which we still have no devinitve answer from TAC wehter it will be fied in 5.6.11 or not. Thus it is fixed in 6.0.6 or 6.2 . There is a thread about it in the "Routing & transparent mode" Forum here.

    Sdwan Status Check - due to that bug - does detect that the interface/connection is back up but fails to bring back the routes.

    You could deactivate the automatic routing in Status Check but  this would somewhat remove redundancy from your sdwan.

    If you run into that issue and still have some way to access cli of your FGT you could restart the routing services (exec router restart) to make the routing work correctly again - until the next WAN Outage...

     

    2. Yes there is no valid upgrade path from 5.6.10/11 to 6.0.6. This is because accoarding to the upgrad path utility on the support portal this is one single step. You can directly upgrade 5.6.10 or 5.6.11 to 6.0.6. This is officially supported.

    Terms & ConditionsAccessibility statement