FortiGate
syadav, Staff
Article Id 332867
Description
This article describes a known issue in which the gateway attribute is disabled after restarting or upgrading the FortiGate when an SD-WAN rule is configured in load-balance mode.
Scope
FortiOS 7.0.x or later.
Solution

Known issue 1017761 affects SD-WAN rules configured in load-balance mode when the 'set gateway' command is set to enable.

The following article explains how the gateway attribute works:

Technical Tip: Multiple default routes where SD-WAN rules are not preferred

In an SD-WAN rule, the gateway attribute is not available while the mode is load-balance. To enable it, change the mode of the SD-WAN rule from load-balance to any other mode, enable the gateway attribute, and then change the mode back to load-balance. The attribute remains active in the kernel even though it is not visible in the configuration.

FGVM # config sys sdwan
FGVM(sdwan) # config service
FGVM(service) # edit 1
FGVM(1) # show
config service
    edit 1
        set name "load-balance"
        set mode load-balance
        set dst "all"
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 2 1
    next
end

FGVM(1) # set gateway
command parse error before 'gateway'

FGVM(1) # set mode sla

FGVM(1) # set gateway enable

FGVM(1) # set mode load-balance

FGVM(1) # next

 

The issue occurs when the FortiGate is restarted or upgraded: because the command is not present in the saved configuration, the attribute is skipped during these processes, and 'set gateway enable' reverts to the default 'set gateway disable'. Since disable is the default value, the attribute then no longer appears in the output of the 'show' command.

 

Before restarting the FortiGate: 

 

FGVM # config sys sdwan
FGVM(sdwan) # config service
FGVM(service) # edit 1
FGVM(1) # show
config service
    edit 1
        set name "load-balance"
        set mode load-balance
        set dst "all"
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
    next
end

FGVM(1) # set mode sla

FGVM(1) # show
config service
    edit 1
        set name "load-balance"
        set mode sla
        set dst "all"
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
        set gateway enable <-- This attribute shows up enabled after changing the mode.
    next
end

After restarting the FortiGate:

 

FGVM # config sys sdwan
FGVM(sdwan) # config service
FGVM(service) # edit 1
FGVM(1) # show
config service
    edit 1
        set name "load-balance"
        set mode load-balance
        set dst "all"
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
    next
end

FGVM(1) # set mode sla

FGVM(1) # show
config service
    edit 1
        set name "load-balance"
        set mode sla
        set dst "all"
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
    next
end

FGVM(1) # show full
config service
    edit 1
        set name "load-balance"
        set addr-mode ipv4
        set input-device-negate disable
        set mode sla
**output omitted**
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
        set status enable
        set gateway disable <--- Disabled after the restart.
**output omitted**
    next
end

 

The issue has been identified, and a solution is currently in progress. As a workaround, change the SD-WAN rules from load-balance to SLA mode before upgrading or rebooting the FortiGate.
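To apply the workaround consistently across many rules, it helps to list which SD-WAN rules are in load-balance mode before an upgrade. The following is an added example, not Fortinet's code: a small parser for the 'config service' block format shown above that returns each rule's attributes and flags the load-balance rules. The sample configuration inside it is constructed for the example.

```python
"""Added example (not Fortinet's code): parse FortiOS 'config service' output from
'config system sdwan' and flag rules exposed to known issue 1017761."""
import shlex

# Constructed sample modelled on the article's 'show' output (not a real device dump).
SAMPLE = """\
config service
    edit 1
        set name "load-balance"
        set mode load-balance
            config sla
                edit "Default_Gmail"
                    set id 1
                next
            end
        set priority-members 1 2
    next
    edit 2
        set name "sla-rule"
        set mode sla
        set gateway enable
    next
end
"""

def parse_services(text):
    """Return {rule_id: {attribute: value}} for each 'edit' entry directly under
    'config service'; nested blocks such as 'config sla' are skipped."""
    rules, current, depth = {}, None, 0
    for raw in text.splitlines():
        tokens = shlex.split(raw)      # handles quoted values like "load-balance"
        if not tokens:
            continue
        kw = tokens[0]
        if kw == "config":             # entering a nested block
            depth += 1
        elif kw == "end":
            depth -= 1
        elif depth == 1 and kw == "edit":
            current = tokens[1]
            rules[current] = {}
        elif depth == 1 and kw == "next":
            current = None
        elif depth == 1 and kw == "set" and current is not None:
            rules[current][tokens[1]] = " ".join(tokens[2:])
    return rules

def at_risk_rules(text):
    """IDs of rules in load-balance mode: the gateway attribute is hidden there and
    reverts to 'disable' on restart/upgrade, so switch them to sla before upgrading."""
    return sorted(r for r, a in parse_services(text).items() if a.get("mode") == "load-balance")
```

Feed it the output of 'show' under 'config system sdwan' / 'config service'; every rule it returns should be changed to SLA mode before the reboot or upgrade, per the workaround above.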