Article Id 268588
Description This article describes an issue reported after adding the Wwan link to an SD-WAN zone: the default route is not pushed to the routing table.
Scope FortiGate
  • When a user has multiple links and deploys SD-WAN with all the available internet links, the gateway does not need to be defined while adding the members to the SD-WAN zone; it is picked up automatically.
  • The issue occurs when one of the links is an LTE connection on Wwan and the LTE Wwan interface is added as an SD-WAN member.
  • When the LTE link is not a member of the SD-WAN and a normal default route is added, the route appears in the routing table without fail.

    get router info routing-table details

    Routing table for VRF=0
    S* [1/0] via 10.10.x.x, port2
    [1/0] is directly connected, wwan <----- Via Wwan LTE 4G connection.

  • After adding the Wwan link to the SD-WAN zone as a member and defining the default static route to the internet via the SD-WAN zone, the route for the Wwan link does not show in the routing table, so the Wwan link cannot reach the internet.

    get router info routing-table details

    Routing table for VRF=0
    S* [1/0] via 10.10.x.x, port<----- Route from the Wwan link did not reflect.

  • Check whether override-gateway is disabled. By default, it is enabled.

config system lte-modem

sh full-config
    set status enable
    set extra-init ''
    set manual-handover disable
    set force-wireless-profile 0
    set authtype none
    set sim1-pin ENC
    set apn ''
    set modem-port 255
    set network-type auto
    set auto-connect disable
    set gps-service disable
    set gps-port 255
    set data-usage-tracking disable
    set band-restrictions ''
    set image-preference auto-sim
    set allow-modify-wireless-profile-table enable
    set allow-modify-mtu-size enable
    set override-gateway disable <-----
    set sim-hot-swap enable
    set connection-hot-swap 5-minutes

  • This is because the gateway information, which the ISP provides through DHCP, cannot be fetched.
  • If disabling override-gateway does not fix the issue, define any dummy gateway IP on the SD-WAN member.

config system sdwan
    config members
        edit 2
            set interface "wwan"
            set gateway 10.19.x.x <----- Assign any dummy IP (example:
            set priority 100
        next
    end
end

After making these changes, the routing table also shows the route to the internet via the Wwan link, and the internet is accessible.
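
The two checks above can be run against a saved configuration excerpt before touching the device. The following Python sketch is an added example, not part of the original article or Fortinet tooling: it reports, for each SD-WAN member on wwan, which of the two steps is still open. The sample configuration, the function names, and the treatment of an unset gateway as 0.0.0.0 are assumptions.

```python
import shlex
# Constructed FortiOS excerpt (not a real device): wwan member without gateway.
SAMPLE = """
config system lte-modem
    set override-gateway enable
end
config system sdwan
    config members
        edit 1
            set interface "port2"
        next
        edit 2
            set interface "wwan"
            set priority 100
        next
    end
end
"""

def parse(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] in ("config", "edit"):
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set" and len(tok) > 1:
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def check_wwan_member(text, lte_if="wwan"):
    """List what is still open, in the article's order, per wwan member."""
    cfg = parse(text)
    # A missing key is treated as the default, which the article gives as enabled.
    override = cfg.get("system lte-modem", {}).get("override-gateway", "enable")
    findings = []
    for mid, m in cfg.get("system sdwan", {}).get("members", {}).items():
        if m.get("interface") != lte_if:
            continue
        if override != "disable":
            findings.append(f"member {mid}: override-gateway is {override}")
        # Assumption: an unset member gateway is absent or shown as 0.0.0.0.
        if m.get("gateway", "0.0.0.0") == "0.0.0.0":
            findings.append(f"member {mid}: no gateway defined")
    return findings
```

Members on other interfaces, such as port2 in the sample, are skipped because the article states their gateway is picked up automatically.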