Technical Tip: How to change sequence of SD-WAN members using CLI

Mohammed_Feroz · ‎01-16-2025

Description

This article describes the need to change the sequence of SD-WAN members in certain conditions and how to do so via the CLI.

Scope

FortiGate.

Solution

Access the CLI of the FortiGate.
Enter the following command to move a specific SD-WAN member.

FGT # config system sdwan
FGT (sdwan) # config members
FGT (members) # show

config members
edit 1
set interface "port1"
set zone "SDWAN-INET"
set gateway 1.1.1.1
next
edit 2
set interface "port2"
set zone "SDWAN-INET"
set gateway 2.2.2.2
next
edit 3
set interface "s2sadvpn1_LL"
set zone "SDWAN-ADVPN"
next
...
...
...
edit 12
set interface "port3"
set zone "SDWAN-INET"
set gateway 3.3.3.3
next
end

FGT (members) # move 12 before 3
FGT (members) # show
config members
edit 1
set interface "port1"
set zone "SDWAN-INET"
set gateway 1.1.1.1
next
edit 2
set interface "port2"
set zone "SDWAN-INET"
set gateway 2.2.2.2
next
edit 12
set interface "port3"
set zone "SDWAN-INET"
set gateway 3.3.3.3
next
edit 3
set interface "s2sadvpn1_LL"
set zone "SDWAN-ADVPN"
...
...
...

FGT (members) # end
FGT (sdwan) # end

Other possibilities for moving a command using a '?' after the command are shown below:

FGT(members) # move
seq-num Sequence number(1-512).
1 port1 SDWAN-INET
2 port2 SDWAN-INET
3 s2sadvpn1_LL SDWAN-ADVPN
..

..
12 port3 SDWAN-INET

FGT (sdwan) # config members

FGT (members) # move 12
after move after
before move before

To move an SD-WAN service, refer to the below KB article:

Technical Tip: How to change sequence of SD-WAN rules using CLI

FortiGate command 'print tablesize':

Technical Tip: FortiGate maximum values table and search for the entry 'system.sdwan:members'.

Technical Tip: How to change sequence of SD-WAN members using CLI

You are leaving our website