mkhabbazi
Staff
Article Id 296202
Description

This article describes a known issue in which GUI access through an SD-WAN or ECMP interface is lost after an upgrade. After upgrading the FortiGate to v7.4.1, v7.4.2 or v7.4.3, the GUI may not be accessible via an interface that is a member of SD-WAN.

The issue can be confirmed by running a packet capture on the GUI traffic. The response from the FortiGate is routed out of an incorrect interface, creating an asymmetric flow:

 

diagnose sniffer packet any "host a.b.c.d" 4 0 l
interfaces=[any]
filters=[host a.b.c.d]
wan1 in a.b.c.d -> x.y.z.v: syn
wan2 out x.y.z.v -> a.b.c.d: syn ack

 

  • a.b.c.d is the IP address of the external source and x.y.z.v is the wan1 IP address.
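
The check described above can be run over a saved capture. The following is an added example, not Fortinet code: it pairs each inbound SYN with the outbound SYN-ACK and reports replies that left through a different interface. The function name, the sample addresses and the optional timestamp and port fields are assumptions.

```python
import re

# Constructed sample in the shape the article shows, with documentation
# addresses in place of a.b.c.d and x.y.z.v. The leading timestamp and the
# ".port" suffix are assumptions about what a fuller capture line contains.
SAMPLE = """\
interfaces=[any]
filters=[host 203.0.113.10]
2024-05-01 10:00:00.000100 wan1 in 203.0.113.10.51000 -> 198.51.100.1.443: syn 1000
2024-05-01 10:00:00.000300 wan2 out 198.51.100.1.443 -> 203.0.113.10.51000: syn 2000 ack 1001
2024-05-01 10:00:05.000100 wan1 in 203.0.113.10.51001 -> 198.51.100.1.443: syn 3000
2024-05-01 10:00:05.000300 wan1 out 198.51.100.1.443 -> 203.0.113.10.51001: syn 4000 ack 3001
"""

# <iface> <in|out> <src> -> <dst>: <flags ...>, with any prefix before iface.
LINE = re.compile(r"(?:^|\s)(\S+)\s+(in|out)\s+(\S+)\s+->\s+(\S+):\s*(.*)$")


def find_asymmetric_replies(capture: str):
    """Return (client, server, in_iface, out_iface) for each SYN whose
    SYN-ACK left through a different interface than the SYN arrived on."""
    pending = {}    # (client, server) -> interface the SYN arrived on
    findings = []
    for raw in capture.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue  # header lines such as interfaces=[any]
        iface, direction, src, dst, info = m.groups()
        flags = info.split()
        is_syn, is_ack = "syn" in flags, "ack" in flags
        if direction == "in" and is_syn and not is_ack:
            pending[(src, dst)] = iface
        elif direction == "out" and is_syn and is_ack:
            in_iface = pending.pop((dst, src), None)
            if in_iface is not None and in_iface != iface:
                findings.append((dst, src, in_iface, iface))
    return findings


if __name__ == "__main__":
    for client, server, came_in, went_out in find_asymmetric_replies(SAMPLE):
        print(f"{client} -> {server}: SYN in on {came_in}, SYN-ACK out on {went_out}")
```

An empty result for a capture that contains GUI connection attempts means the replies used the same interface the requests arrived on.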
Scope

FortiGate v7.4.1, v7.4.2 and v7.4.3. 

Solution

The issue is tracked as known issue ID 961796 and is planned to be resolved in v7.4.4.

 

Workaround:

The user can access the GUI via another internal interface that is not part of an SD-WAN link. 

 

Related documents:

Known issues 

Resolved issues