| Description |
This article describes that if 'set default' and 'set gateway' are disabled in the SD-WAN service, it will do a FIB lookup based on the destination IP address. If there is a FIB match, and the FIB interface is an SD-WAN member, it will not search for the next SD-WAN service even if this FIB is not the best match.
Since 7.0.1, there is a Change in default behavior, 709056, the tie-break fib-best-match option is extended to consider only the best routes. This works on manual, priority, and SLA SD-WAN service modes. |
| Scope | FortiGate 7.0.1 and above. |
| Solution |
Members/Route/FIB was the same in 3 examples:
Members:
Route:
FIB:
1) Only 1 member in SD-WAN service, as has a default route, traffic will via the member and will not check further SD-WAN service which has a long match.
Service:
Policy route match:
Packet capture:
2) 2 members in SD-WAN service: 1st member has default route, 2nd member has special route long match, not enable tie-break fib-best-match, packet will via 1st member.
Service:
Policy route match:
Packet capture:
3) 2 members in SD-WAN service: 1st member has default route, 2nd member has special route long match, enable tie-break fib-best-match, packet will via 2nd member
Service:
Policy route match:
Packet capture:
Related document: |
