FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 228980

This article describes that in some scenarios, the health check probes might choose an unexpected gateway resulting in probe failure.

The requirement is to route health-check probe packets via different routers.

In this example, server1 and sever2 are used as a destination for Performance SLA health-check probes.


Network diagram:

Network diagramNetwork diagram

Scope FortiOS.

The gateway in the SD-WAN member configuration cannot be specified:


SD-WAN member configurationSD-WAN member configuration


Then static routes need to be configured:


Static routes configurationStatic routes configuration



In this case, 'named routes' cannot be used.

The following configuration will result in the same routing table, but routes defined by address objects will not be used for Performance SLA health-check probes:


Routes ignored by health-check probesRoutes ignored by health-check probes