ssanga
Staff & Editor
Article Id 381669
Description: This article describes an issue where FortiGate limits traffic load balancing to only 8 active SD-WAN members in an SD-WAN rule when using load-balance mode, even if more than 8 members are configured.
Scope: FortiGate v7.0, v7.2, v7.4, v7.6.
Solution:

When load-balance mode is enabled in an SD-WAN rule with more than 8 SD-WAN members, traffic distribution is restricted to 8 members only.


This is expected behavior in firmware versions earlier than v7.2.11, v7.4.8, and v7.6.3.

Sample Config:


config system sdwan
    config service
        edit 1
            set mode load-balance
            set hash-mode source-ip-based
            set dst "all"
            set src "all"
            config sla
                edit "test"
                    set id 1
                next
            end
            set priority-members 1 2 3 4 5 6 7 8 9 10 11 12 13 14
        next
    end
end

Starting from v7.2.11, v7.4.8, and v7.6.3, traffic can be load-balanced across up to 16 SD-WAN members in load-balance mode.

Note:

Starting from v7.4.1 and v7.6.0, the command 'set mode load-balance' is replaced with a new command 'set load-balance enable' to achieve similar functionality.
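
The following check is an added example, not Fortinet code: it scans a saved configuration for SD-WAN rules in load-balance mode (either command spelling above) whose priority-members count exceeds the limit for a given firmware version. The function names and the sample configuration are constructed for illustration, and branches with no fixed release listed in this article (v7.0 included) are assumed to keep the 8-member limit.

```python
RULE_PATH = ["config system sdwan", "config service"]
FIXED_IN = {(7, 2): 11, (7, 4): 8, (7, 6): 3}  # first 16-member release per branch

def member_limit(version):
    """Limit for a version such as 'v7.4.7'; unlisted branches assumed to stay at 8."""
    major, minor, patch = (int(x) for x in version.lstrip("v").split("."))
    fixed = FIXED_IN.get((major, minor))
    return 16 if fixed is not None and patch >= fixed else 8

def audit_sdwan_rules(config_text, version):
    """Return [(rule_id, member_count, limit)] for load-balance rules over the limit.
    Accepts both 'set mode load-balance' and 'set load-balance enable'."""
    limit = member_limit(version)
    stack, rule, findings = [], None, []
    for line in config_text.splitlines():
        tok = line.split() or [""]
        if tok[0] in ("config", "edit"):
            stack.append(" ".join(tok))
            if tok[0] == "edit" and stack[:-1] == RULE_PATH:
                rule = {"id": tok[1], "lb": False, "members": 0}
        elif tok[0] in ("next", "end"):
            if tok[0] == "next" and rule and stack[:-1] == RULE_PATH:
                if rule["lb"] and rule["members"] > limit:
                    findings.append((rule["id"], rule["members"], limit))
                rule = None
            del stack[-1:]  # close the innermost config/edit block
        elif tok[0] == "set" and rule and len(stack) == 3:  # rule-level settings only
            if tok[1:] in (["mode", "load-balance"], ["load-balance", "enable"]):
                rule["lb"] = True
            elif tok[1:2] == ["priority-members"]:
                rule["members"] = len(tok) - 2
    return findings

# Constructed sample: rule 1 follows the article's config, rule 2 uses the newer command.
SAMPLE = """config system sdwan
    config service
        edit 1
            set mode load-balance
            config sla
                edit "test"
                next
            end
            set priority-members 1 2 3 4 5 6 7 8 9 10 11 12 13 14
        next
        edit 2
            set load-balance enable
            set priority-members 1 2 3 4 5 6 7 8 9
        next
    end
end"""
```

Calling `audit_sdwan_rules(SAMPLE, "v7.4.7")` reports both rules against the 8-member limit, while the same configuration on v7.4.8 reports none.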