nageentaj
Staff
Article Id 275694
Description

This article describes how to troubleshoot when traffic does not match SD-WAN rules.

Scope

FortiGate.
Solution

To make sure SD-WAN rules work, there must be a route in the routing table for that destination. If there is no route to the corresponding destination in the routing table, SD-WAN rules will not trigger.

For example:

An SD-WAN rule has been created as below:

[Image: nageentaj_2-1695625716247.png, the SD-WAN rule]

The source is 'all' and the destination is '1.2.3.4', but there is no valid route for '1.2.3.4' in the routing table:

[Image: nageentaj_3-1695625716248.png, the routing table with no route to 1.2.3.4]

If a user attempts to reach '1.2.3.4' in this scenario, the traffic will not be routed to port1 as the SD-WAN rule intends, because the rule does not trigger without a matching route.

To avoid this scenario, first create a static route to that destination toward the expected interface as shown in the following image:

[Image: nageentaj_4-1695625716252.png, the static route configuration]

The route will then appear in the routing table as shown in the following image:

[Image: nageentaj_5-1695625716255.png, the routing table with the new route]

After making this change, the SD-WAN rule will receive hits as intended.
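The same fix expressed in the FortiOS CLI, as an added example that is not part of the article: the address object name, the route sequence number, the rule name and member number 1 being port1 are assumptions, and the syntax assumes FortiOS 7.x with port1 already a member of the default SD-WAN zone.

```fortios
# Added example, not from the article. Assumes FortiOS 7.x and that port1 is
# already an SD-WAN member (seq-num 1) in the default zone "virtual-wan-link".
# On FortiOS 6.4 the route uses "set sdwan enable" instead of "set sdwan-zone".

# 1. The SD-WAN rule from the article: source all, destination 1.2.3.4, out port1.
config firewall address
    edit "host-1.2.3.4"
        set subnet 1.2.3.4 255.255.255.255
    next
end
config system sdwan
    config service
        edit 1
            set name "to-1.2.3.4-via-port1"
            set mode manual
            set dst "host-1.2.3.4"
            set priority-members 1
        next
    end
end

# 2. The missing piece: a route for the destination through the SD-WAN zone.
#    Without this entry the rule above never triggers.
config router static
    edit 10
        set dst 1.2.3.4 255.255.255.255
        set sdwan-zone "virtual-wan-link"
        set comment "Route required so the SD-WAN rule for 1.2.3.4 is evaluated"
    next
end

# 3. Verify: the destination now resolves in the routing table ...
get router info routing-table details 1.2.3.4

# ... and the rule is installed as an SD-WAN policy route with its member list.
diagnose sys sdwan service
diagnose firewall proute list
```

If the first verification command shows no entry for 1.2.3.4, check that port1 is actually a member of the zone named in the route; the rule's hit count will stay at zero until the route is active.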