Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
qyah
Staff
Staff

Created on ‎09-23-2024 12:22 AM Edited on ‎09-14-2025 11:04 PM By Moderator

Article Id 343079

Troubleshooting Tip: Route shows inactive when SD-WAN Performance SLA Configured

Description This article describes that the route shows inactive when SD-WAN Performance SLA is Configured.
Scope FortiGate v7.4.X.
Solution
  1. From the output of the command, 'get router info routing-table details 0.0.0.0' the static route has been configured and is showing inactive at port2:

 

Screenshot 2024-09-22 160931.png

 

  1. A configured Performance SLA still runs even if all SD-WAN rules referencing the interface have an interface selection method that does not rely on SLA. In this example, the 'Manual' strategy is used, but port2 is still not selected to forward the traffic.

 

Screenshot 2024-09-22 161050.png

 

  1. When an SD‑WAN Performance SLA is assigned to an interface, FortiGate monitors its health. If the health check fails (no response to probes within timeout), and 'Update static route' is enabled, the system automatically removes or marks inactive the associated static route in the routing table. This behavior ensures traffic doesn’t route over unhealthy links, and so it is the default configuration for Performance SLA. If a route is being inactivated and that behavior is not desired, follow one or more of the following:

 

Screenshot 2024-09-22 161222.png

 

  1. The same troubleshooting method can be done for IPsec tunnels, which are SD-WAN members. In many environments, configuring a source IP address for an IPsec tunnel to use with a Performance SLA is required, see Technical Tip: How to configure source IP for Secure SD-WAN Performance SLA

 

A route will also show inactive if there is no valid gateway or next-hop in the routing table, see the KB article Technical Tip: SD-WAN is not in Active Routing Table.

 

Note: In case of abnormal behavior, restart the routing engine process. Restarting the route process will affect all the traffic and needs to be performed during a maintenance window.

 

execute router restart 

 

Related articles:

Technical Tip: How to identify inactive routes in the Routing Table 

Technical Tip: Different usage of 'execute router ' command in the event of abnormal routing behavio... 
1765
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.