Created on 04-03-2025 01:08 AM
Edited on 01-06-2026 10:12 PM
By Jean-Philippe_P
| Description | This article describes the meaning of the SD-WAN health check Default_AWS 'failed command' error shown in the config error log after upgrading to firmware v7.0.17 or v7.2.11. |
| Scope | FortiGate v7.0.17, v7.2.11. |
| Solution |
The aws.amazon.com probe server has been removed from the SD-WAN default health-check list due to bug ID 935297 (Probe server aws.amazon.com is listed in SD-WAN default health-check list). It can be found in 'Resolved issues' in:
It is therefore expected to see the SD-WAN health check Default_AWS 'failed command' entry when checking the config-error-log after upgrading to firmware v7.2.11, as shown in the output below:
FGT_A (global) # diagnose debug config-error-log read
>>> ""next" @ root.system.sdwan.health-check.Default_AWS":failed command (error 1)
If VDOMs are configured on the FortiGate, the config-error-log error message is shown as in the output below:
FGT_A (global) # diagnose debug config-error-log read
Note: On October 12, 2025, Amazon Web Services (AWS) blocked HTTP probes from FortiGate devices (based on the user-agent header) to protect its infrastructure.
As a result, HTTP probes to aws.amazon.com from FortiGate devices are blocked, and any SD-WAN Performance SLA using this health check will fail.
Related article: |
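An added example (not from the Fortinet article or from FortiOS): a Python script that scans a saved FortiGate configuration backup for SD-WAN health checks that still list aws.amazon.com as a probe server, so the Performance SLAs affected by the note above can be identified. The function name, the constructed sample configuration and the `ping` value reported when no `set protocol` line is present are assumptions.

```python
import shlex
# Constructed sample in FortiOS config-backup syntax (not from a real device).
SAMPLE_CONFIG = '''
config system sdwan
    config health-check
        edit "Default_AWS"
            set server "aws.amazon.com"
            set protocol http
            config sla
                edit 1
                next
            end
        next
        edit "DC_Ping"
            set server "192.0.2.10" "192.0.2.11"
        next
        edit "Custom_HTTP"
            set server "probe.example.net" "aws.amazon.com"
            set protocol http
        next
    end
end
'''

def find_probe_health_checks(config_text, probe="aws.amazon.com"):
    """Return [(name, protocol)] for SD-WAN health checks whose server list has `probe`."""
    stack, checks = [], {}
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # multi-line quoted values (certificates, keys)
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            stack.append("edit:" + tok[1])
        elif tok[0] == "next" and stack and stack[-1].startswith("edit:"):
            stack.pop()
        elif tok[0] == "end":
            while stack and stack.pop().startswith("edit:"):
                pass                # drop any unclosed edit, then the config block
        elif (tok[0] == "set" and len(tok) > 2 and stack[-1].startswith("edit:")
              and stack[-3:-1] == ["system sdwan", "health-check"]):
            # "ping" is an assumed default for entries without 'set protocol'
            entry = checks.setdefault(stack[-1][5:], {"server": [], "protocol": "ping"})
            if tok[1] in ("server", "protocol"):
                entry[tok[1]] = tok[2:] if tok[1] == "server" else tok[2]
    return [(n, e["protocol"]) for n, e in checks.items() if probe in e["server"]]
```

Matching on the last three levels of the block stack means the same function also finds health checks nested under `config vdom` / `edit <vdom>` in a multi-VDOM backup.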