Dongfang_Li_FTNT
Article Id 337916

 

Description

This article describes a scenario in which port4 and port5 are two external interfaces in the same SD-WAN zone and have an equal chance to route traffic to the Internet.

 

A static default route 0.0.0.0/0 has been configured with the SD-WAN zone as its interface, but it does not appear in the active routing table.

 

Discovery-kvm88 # config system interface

Discovery-kvm88 (interface) # show

config system interface

    edit "port4"

        set vdom "root"

        set ip 172.16.1.1 255.255.255.0

        set type physical

        set snmp-index 4

    next

    edit "port5"

        set vdom "root"

        set ip 192.168.1.1 255.255.255.0

        set type physical

        set snmp-index 5

    next

end

 

Discovery-kvm88 # config system sdwan

Discovery-kvm88 (sdwan) # show

config system sdwan

    set status enable

        config zone

            edit "virtual-wan-link"

            next

        end

        config members

            edit 1

                set interface "port4"  <-- default zone is 'virtual-wan-link'.

            next

            edit 2

                set interface "port5"  <-- default zone is 'virtual-wan-link'.

            next

        end

end

 

Discovery-kvm88 # config router static

Discovery-kvm88 (static) # sh

config router static  

    edit 4

        set distance 1

        set sdwan-zone "virtual-wan-link"

    next

end  

 

Discovery-kvm88 # get router info routing-table all

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

       O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       V - BGP VPNv4

       * - candidate default

 

Routing table for VRF=0

C       10.9.0.0/20 is directly connected, port1

C       172.16.1.0/24 is directly connected, port4

S       172.25.0.0/16 [10/0] via 10.9.15.254, port1, [1/0]

C       192.168.1.0/24 is directly connected, port5

Scope

FortiOS v7.2 or above.

Solution

The default gateway is not set on the SD-WAN members, so the static route through the SD-WAN zone is not installed in the routing table. After adding the default gateways of port4 and port5, the SD-WAN default route appears in the active routing table.

 

Discovery-kvm88 # config system sdwan

Discovery-kvm88 (sdwan) # sh

config system sdwan

    set status enable

        config zone

            edit "virtual-wan-link"

            next

        end

        config members

            edit 1

                set interface "port4"

                set gateway 172.16.1.2  

            next

            edit 2

                set interface "port5"

                set gateway 192.168.1.2  

            next

        end

end

 

 

Discovery-kvm88 # get router info routing-table all

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP

       O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

       V - BGP VPNv4

       * - candidate default

 

Routing table for VRF=0

S*      0.0.0.0/0 [1/0] via 172.16.1.2, port4, [1/0]  

                  [1/0] via 192.168.1.2, port5, [1/0]       

C       10.9.0.0/20 is directly connected, port1

C       172.16.1.0/24 is directly connected, port4

S       172.25.0.0/16 [10/0] via 10.9.15.254, port1, [1/0]

C       192.168.1.0/24 is directly connected, port5

 

Gateway configuration is generally required for all route configurations on FortiGate. A further example is shown below:

 

No gateway configured for Port 2

SD-WAN route is only installed for Port 1

Static route configured for SD-WAN member

After configuring the gateway of Port 2, routes for it are installed in the routing table

 

To verify the gateway IP, 'get sys arp' can be used, as described in the article: Technical Tip: How to verify the default gateway IP address for an interface on FortiGate to configu....
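The condition from the Solution section can be checked offline against a saved configuration or a pasted CLI transcript. The following Python sketch is an added example, not Fortinet code: it lists SD-WAN members that have no gateway while a static route points at their zone. The function names are hypothetical, and it assumes statically addressed members like port4 and port5 in this article.

```python
import re

# Constructed sample: this article's pre-fix configuration, as `show` prints it.
SAMPLE = """\
config system sdwan
    set status enable
    config members
        edit 1
            set interface "port4"
        next
        edit 2
            set interface "port5"
        next
    end
end
config router static
    edit 4
        set sdwan-zone "virtual-wan-link"
    next
end
"""

def parse_entries(text, section):
    """Return {edit id: {option: [values]}} for one 'config' path.

    CLI prompt lines, blank lines and "<--" annotations are ignored.
    """
    entries, stack, current = {}, [], None
    for raw in text.splitlines():
        words = re.findall(r'"[^"]*"|\S+', raw.split("<--")[0]) or [""]
        in_section = stack == list(section)
        if words[0] == "config":
            stack.append(" ".join(words[1:]))
        elif words[0] == "end" and stack:
            stack.pop()
        elif words[0] == "edit" and in_section and len(words) > 1:
            current = entries.setdefault(words[1].strip('"'), {})
        elif words[0] == "next" and in_section:
            current = None
        elif words[0] == "set" and in_section and current is not None and len(words) > 1:
            current[words[1]] = [w.strip('"') for w in words[2:]]
    return entries

def members_without_gateway(text):
    """Interfaces of gateway-less SD-WAN members whose zone a static route uses."""
    routes = parse_entries(text, ("router static",))
    zones = {z for r in routes.values() for z in r.get("sdwan-zone", [])}
    members = parse_entries(text, ("system sdwan", "members"))
    # No "set zone" means the default zone; 0.0.0.0 is treated as an unset gateway.
    return [m.get("interface", ["?"])[0] for m in members.values()
            if m.get("zone", ["virtual-wan-link"])[0] in zones
            and m.get("gateway", ["0.0.0.0"])[0] == "0.0.0.0"]
```

For the pre-fix configuration it reports both port4 and port5; after the gateways from the Solution section are added it reports nothing.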