Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jangelis
Staff
Staff

Created on ‎11-06-2022 04:46 AM Edited on ‎02-05-2024 12:44 AM By Moderator

Article Id 228980

Technical Tip: Route selection for SDWAN healthcheck probes

Description

This article describes that in some scenarios, the health check probes might choose an unexpected gateway resulting in probe failure.

The requirement is to route health-check probe packets via different routers.

In this example, server1 and sever2 are used as a destination for Performance SLA health-check probes.

 

Network diagram:

Network diagramNetwork diagram
Scope FortiOS.
Solution

The gateway in the SD-WAN member configuration cannot be specified:

 

SD-WAN member configurationSD-WAN member configuration

 

Then static routes need to be configured:

 

Static routes configurationStatic routes configuration

 

Note:

In this case, 'named routes' cannot be used.

The following configuration will result in the same routing table, but routes defined by address objects will not be used for Performance SLA health-check probes:

 

Routes ignored by health-check probesRoutes ignored by health-check probes

 

973
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.