FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article explains how to set 0 value. In some scenarios, the value needs to be set to 0 for any of SD-WAN Members in Session or Volume based SD-WAN Algorithm. Even though Zero value is set, FortOS considers it as 1 and therefore traffic may flow via those Interfaces.
Solution WorkAround:
Use priority settings, if SD-WAN is not required.
Configure higher value in Priority settings for the Interface which won't be used in SD-WAN.
***higher the value, lower the priority***
For Example:
3 wan links (WAN1,WAN2,WAN3) configured in SD-WAN with volume ratio 95,5,0 respectively. Even though wan3 was not configured with any volume (0 volume), FortOS considers it has 1 therefore traffic with a lower priority will flow via this Interface.
#config system virtual-wan-link set status enable set load-balance-mode measured-volume-based config members edit 1 set interface "wan1" set gateway x.x.x.x set volume-ratio 95 next edit 2 set interface "wan2" set gateway y.y.y.y set volume-ratio 5 next edit 3 set interface "wan3" set gateway z.z.z.z next end
Configured higher priority for wan3, so that It won’t be used in traffic distribution
#config system virtual-wan-link config members edit 1 set priority 1 next edit 2 set priority 1 next edit 3 set priority 2 next end
