Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mle2802
Staff
Staff

Created on ‎04-03-2025 08:58 AM Edited on ‎04-15-2025 10:19 PM By Moderator

Article Id 385610

Troubleshooting Tip: Packet duplication on-demand in SD-WAN is not working

Description This article describes how to troubleshoot when packet is not duplicated when SD-WAN packet duplication is set to 'on-demand'.
Scope FortiGate.
Solution

From the SD-WAN configuration, verify packet duplication is configured according to Duplication on-demand when SLAs in the configured service are matched | FortiGate / FortiOS 7.2.0 | ....

 
 

SDWAN.PNG

 

However, when testing using ICMP protocol, traffic is sent via only 1 VPN tunnel instead of both tunnels configured in SD-WAN.


Screenshot 2025-03-31 174811.png
To trigger packet duplication on-demand, all members must be out of SLA. If one member is out of SLA and the other is in SLA, packet duplication will not trigger if it is configured as on-demand.

 

Screenshot 2025-03-31 175106.png

 
After confirming all members are out of SLA, generate traffic again and confirm packet duplication is triggered.

Screenshot 2025-03-31 175352.png
Screenshot 2025-03-31 175658.png
150
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.