Description
This article explains how to force sessions to keep using the outgoing interface and gateway after a route change. The reevaluation of a dirty session following a route change may result in a failover to another SD-WAN member. If the SD-WAN members are connected to different devices, it can cause an interruption of TCP sessions.
Scope
FortiGate v7.0.
Solution
To avoid a route change when the current route is still available but is no longer the best route, enable preserve session route at the interface level. This forces the session to stay on the same SD-WAN member, provided the route in use by the session is still in the FIB.
config system interface
    edit <interface_name>
        set preserve-session-route enable
end
However, if the route is removed from the FIB, then FortiGate must flag the session as dirty, flush its gateway
In the above topology, if FortiGate establishes the session via Port1, but due to SLA changes, the best route is
session info: proto=1 proto_state=00 duration=6 expire=53 timeout=0 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
diag netlink interface list | grep index=5
diag sys sdwan member | grep (2)
The above logs show the details of an ICMP session established through an interface (Port3) that has the setting
Note that only relevant lines of the session are displayed.
Copyright 2024 Fortinet, Inc. All Rights Reserved.