FortiGate
vvikash
Staff
Article Id 409105
Description This article highlights a behavior observed in FortiGate v7.4.8 onwards as well as v7.6.1 to v7.6.3 where SD-WAN rules display only one member as selected even when load-balancing is enabled.
Scope FortiGate v7.4.8 onwards; v7.6.1 to v7.6.3.
Solution

In v7.4.8 and v7.6.1, the SD-WAN GUI pages received a new layout to better optimize them for larger environments, as they were previously failing to load properly due to heavy API requests that tried to load all of the page's data at once. For reference, see Resolved Issues 1041812 and 1096400 in the FortiOS Release Notes:

FortiOS 7.4.8 Release Notes - Resolved Issues

FortiOS 7.6.1 Release Notes - Resolved Issues

 

As part of these changes, the SD-WAN-related GUI pages now display information somewhat differently than they did before the upgrade.

 

For example, the following screenshot shows a FortiGate-VM running v7.4.6 with an SD-WAN rule that has load-balancing enabled. All interface members are visible and show a checkmark indicating their status as selected outgoing interfaces:

 

vvikash_0-1756760844852.png

However, after upgrading to v7.4.8, the SD-WAN Rules GUI page now only shows a single selected interface in the Selected members column, even when load-balancing is enabled:

 

vvikash_1-1756760844855.png

 

When checking the CLI with the command 'diagnose sys sdwan service4', the same SD-WAN rule shows that both member interfaces (port2 and port3) are selected as expected for load-balancing:

 

FGVM04TM25004309 # diagnose sys sdwan service4

Service(1): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut (2), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(manual  hash-mode=round-robin)
Members(2):
    1: Seq_num(1 port2 Underlay), alive, gid(1), selected
    2: Seq_num(2 port3 Underlay), alive, gid(1), selected
Service(2): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut
Gen(2), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(manual  hash-mode=round-robin)
  Members(2):
    1: Seq_num(3 VPN1 overlay), alive, gid(1), selected
    2: Seq_num(4 VPN2 overlay), alive, gid(1), selected
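
Added example (not part of the original article and not Fortinet code): a Python parser for the 'diagnose sys sdwan service4' output above that lists, per rule, the members the CLI marks as selected, so the result can be compared with what the GUI column shows. It assumes the output layout shown in this article and treats hash-mode= inside Mode(...) as the load-balancing marker; all function names are hypothetical.

```python
import re

# Constructed sample: the article's CLI output with the blank lines removed.
SAMPLE = """\
Service(1): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut (2), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(manual  hash-mode=round-robin)
Members(2):
    1: Seq_num(1 port2 Underlay), alive, gid(1), selected
    2: Seq_num(2 port3 Underlay), alive, gid(1), selected
Service(2): Address Mode(IPV4) flags=0x24200 use-shortcut-sla use-shortcut
Gen(2), TOS(0x0/0x0), Protocol(0): src(1->65535):dst(1->65535), Mode(manual  hash-mode=round-robin)
  Members(2):
    1: Seq_num(3 VPN1 overlay), alive, gid(1), selected
    2: Seq_num(4 VPN2 overlay), alive, gid(1), selected
"""

SERVICE = re.compile(r"^Service\((\d+)\):")
MODE = re.compile(r"Mode\(([^)]*)\)\s*$")   # rule mode closes its line; skips "Address Mode(IPV4)"
HASH = re.compile(r"hash-mode=(\S+)")
MEMBER = re.compile(r"^\d+:\s*Seq_num\(\d+\s+([^\s)]+)[^)]*\),\s*(.*)$")

def parse_service4(text):
    """Parse the output into {rule_id: {"hash_mode": str or None, "members": [...]}}."""
    rules, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SERVICE.match(line)):
            cur = rules.setdefault(int(m.group(1)), {"hash_mode": None, "members": []})
        if cur is None or not line:
            continue
        # The Mode(...) field may sit on the Service line or on the line after it.
        if (m := MODE.search(line)) and (h := HASH.search(m.group(1))):
            cur["hash_mode"] = h.group(1)
        if (m := MEMBER.match(line)):
            attrs = [a.strip() for a in m.group(2).split(",")]
            cur["members"].append({"name": m.group(1), "alive": "alive" in attrs,
                                   "selected": "selected" in attrs})
    return rules

def selected_by_rule(text):
    """Map each rule id to the member names the CLI marks as selected."""
    return {rid: [m["name"] for m in r["members"] if m["selected"]]
            for rid, r in parse_service4(text).items()}

def under_selected(text):
    """Load-balanced rules (hash-mode present) with fewer than two selected members."""
    return [rid for rid, r in parse_service4(text).items()
            if r["hash_mode"] and sum(m["selected"] for m in r["members"]) < 2]

if __name__ == "__main__":
    print(selected_by_rule(SAMPLE), under_selected(SAMPLE))
```
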

 

Workaround: 

To display all member interfaces and their selected status for SD-WAN Rules, add the Members column to the SD-WAN Rules table as shown below (note that this is different from the Selected members column that is displayed by default).

 

Note:

v7.6.4 includes a series of GUI improvements and changes. As part of these, the Members column becomes the new default in place of the Selected members column. This effectively resolves the issue and reduces confusion.

 

vvikash_2-1756760844859.png

 

After adding the Members column, all SD-WAN Member interfaces for the rule will be visible, along with the selected status:

 

vvikash_3-1756760844861.png