Article Id 276147
Description This article describes how to find the SD-WAN rule and member used by a particular session on FortiGate.
Scope FortiGate.

To find the SD-WAN rule that is used in a particular session, it is better to apply a filter to match the session in the session list.
Below is an article with more information about different ways to apply a session filter:
Troubleshooting Tip: FortiGate session table information


In this example, the filter used is by Source IP. Enter the following commands to find the matching session:

diag sys session filter src
diag sys session list


The output will display all the sessions with that source IP. In the current example, the below output appears:


session info: proto=6 proto_state=01 duration=61 expire=3538 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
statistic(bytes/packets/allow_err): org=314/4/1 reply=1586/3/1 tuples=2
tx speed(Bps/kbps): 5/0 rx speed(Bps/kbps): 25/0
orgin->sink: org pre->post, reply pre->post dev=4->9/9->4 gwy=
hook=post dir=org act=snat>
hook=pre dir=reply act=dnat>
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=7 pol_uuid_idx=14769 auth_info=0 chk_client_info=0 vd=0
serial=0014581f tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=4 sdwan_service_id=3
rpdb_link_id=ff000003 ngfwid=n/a
no_ofld_reason: npu-flag-off


The useful information in the output for the SD-WAN rule and member is sdwan_mbr_seq=4 sdwan_service_id=3.


It means that SD-WAN member #4 and SD-WAN service ID #3 were used for traffic.

The SD-WAN Service ID is the SD-WAN rule number. In this example, it is possible to find the Service ID in the 'ID' section of SD-WAN Rules as shown below:




config system sdwan

    config service
        edit 3
            set name Internet
            set dst "all"
            set src "all"
            set priority-members 1


To find the member, type this command:

config sys sdwan
config members

Here is the output seen:



In the above output, port 7 has a member sequence of 4.
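
When many sessions need checking, the same lookup can be scripted offline against saved CLI output. The following is an added example, not Fortinet code: the second session, the layout of the config excerpt and the function names are assumptions made for illustration, while rule 3 and member 4 on port7 follow the article.

```python
import re

# Constructed samples; session 1, rule 3 and member 4 = port7 follow the article.
SESSIONS = """\
session info: proto=6 proto_state=01 duration=61 expire=3538 timeout=3600
misc=0 policy_id=7 pol_uuid_idx=14769 auth_info=0 chk_client_info=0 vd=0
serial=0014581f tos=ff/ff app_list=0 app=0 url_cat=0
sdwan_mbr_seq=4 sdwan_service_id=3
session info: proto=17 proto_state=00 duration=5 expire=175 timeout=0
misc=0 policy_id=2 pol_uuid_idx=14770 auth_info=0 chk_client_info=0 vd=0
serial=00145820 tos=ff/ff app_list=0 app=0 url_cat=0
"""
CONFIG = """\
config members
    edit 4
        set interface "port7"
    next
end
config service
    edit 3
        set name "Internet"
    next
end
"""

def parse_table(config, table, key):
    """Return {entry id: value of 'set <key>'} from one 'config <table>' block."""
    out, inside, cur = {}, False, None
    for words in map(str.split, config.splitlines()):
        if words[:1] in (["config"], ["end"]):
            inside = words[1:2] == [table]
        elif inside and words[:1] == ["edit"]:
            cur = int(words[1])
        elif inside and words[:2] == ["set", key]:
            out[cur] = " ".join(words[2:]).strip('"')
    return out

def sdwan_sessions(text, config):
    """Resolve each session's sdwan_service_id / sdwan_mbr_seq to rule name / interface."""
    rules = parse_table(config, "service", "name")
    members = parse_table(config, "members", "interface")
    for block in text.split("session info:")[1:]:
        f = dict(re.findall(r"(\w+)=(\S+)", block))
        svc, mbr = f.get("sdwan_service_id"), f.get("sdwan_mbr_seq")
        yield {"serial": f.get("serial"), "policy_id": f.get("policy_id"),
               "rule": rules.get(int(svc), svc) if svc else None,
               "interface": members.get(int(mbr), mbr) if mbr else None}

for row in sdwan_sessions(SESSIONS, CONFIG):
    print(row)
```

A session without sdwan_* fields is reported with rule and interface set to None, and an ID that is missing from the config excerpt is returned as the raw number.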