Description | This article describes a possible scenario where the user is applying an SD-WAN configuration with 3 ISP links. |
Scope | FortiGate. |
Solution |
However, the user is seeing multiple TCP resets from public servers on the internet in the logs, even though the traffic is allowed by the proper SD-WAN rule (rule 3), which has the settings below:
config system sdwan
As shown above, the SD-WAN rule uses the round-robin hash mode, which may result in public servers receiving requests from different source IPs and will eventually lead to TCP resets.
Change the SD-WAN rule hash mode to source-ip-based, as shown below:
config system sdwan next end |
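One way to confirm this symptom from exported traffic logs, as an added example that is not part of the original article: the script groups sessions by client and server and flags pairs that left through more than one SNAT address and also saw a server reset. The sample lines are constructed, the function names are hypothetical, and the fields used (srcip, dstip, dstintf, transip, action="server-rst") are assumed to be present in the exported key=value traffic log.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (RFC 5737 addresses).
SAMPLE_LOGS = '''\
date=2024-05-01 time=10:00:01 type="traffic" srcip=10.0.0.5 dstip=198.51.100.20 dstintf="wan1" transip=203.0.113.10 action="close"
date=2024-05-01 time=10:00:02 type="traffic" srcip=10.0.0.5 dstip=198.51.100.20 dstintf="wan2" transip=203.0.113.74 action="server-rst"
date=2024-05-01 time=10:00:03 type="traffic" srcip=10.0.0.5 dstip=198.51.100.20 dstintf="wan3" transip=203.0.113.138 action="server-rst"
date=2024-05-01 time=10:00:04 type="traffic" srcip=10.0.0.9 dstip=198.51.100.20 dstintf="wan2" transip=203.0.113.74 action="close"
date=2024-05-01 time=10:00:05 type="traffic" srcip=10.0.0.7 dstip=192.0.2.80 dstintf="wan1" transip=203.0.113.10 action="server-rst"
'''

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def flag_multi_egress(log_text):
    """Return client/server pairs that used more than one egress (interface,
    SNAT IP) and had at least one server-rst, with the evidence for each."""
    egress = defaultdict(set)
    resets = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Skip non-traffic records and sessions without source NAT details.
        if rec.get("type") != "traffic" or "transip" not in rec:
            continue
        if "srcip" not in rec or "dstip" not in rec:
            continue
        key = (rec["srcip"], rec["dstip"])
        egress[key].add((rec.get("dstintf", "?"), rec["transip"]))
        if rec.get("action") == "server-rst":
            resets[key] += 1
    return {
        key: {"egress": sorted(paths), "resets": resets[key]}
        for key, paths in egress.items()
        if len(paths) > 1 and resets[key] > 0
    }


if __name__ == "__main__":
    for (src, dst), info in flag_multi_egress(SAMPLE_LOGS).items():
        print(f"{src} -> {dst}: {info['resets']} server resets across {info['egress']}")
```

A pair that shows resets but only one egress address, such as 10.0.0.7 in the sample, is not flagged, since that pattern points to a cause other than per-session member selection.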
Copyright 2024 Fortinet, Inc. All Rights Reserved.