FortiGate
Umer221 (Staff)
Article Id 291666
Description

This article provides guidance on how to configure an interface as an SD-WAN member if it does not appear in the Interface field.

Scope: FortiOS, FortiGate, SD-WAN.
Solution

 An interface cannot be configured as an SD-WAN member in any of the following cases:

  • Interface is already used in an existing firewall policy or system zone.
  • Interface is already used as a member of a switch or aggregate interface.
  • Interface is configured as an out-of-band management interface.

An interface that is not eligible to be configured in SD-WAN will not be visible in the New SD-WAN Member page: Network -> SD-WAN -> 'Create New' -> 'SD-WAN Member'.

To make an interface eligible for SD-WAN:

If the interface is already in use, the following changes will cause traffic disruption until SD-WAN is configured. It is recommended to take a configuration backup before proceeding.

Find the interface’s references: In Network -> Interfaces, select the number in the 'Ref.' column to bring up the References pane.

Check the References pane for configuration that prevents the interface from becoming an SD-WAN member.

If an interface does not have its own row in Network -> Interfaces, it may be a member of another interface (such as a switch or aggregate interface). Locate it using the interface search function.


Removing conflicting references: Remove the interface from the switch or aggregate interface's 'Interface members'.

Remove the interface from firewall policies.

Remove the interface from the System Zone.


Remove out-of-band management configuration: Some FortiGate models include ports that can be configured for dedicated out-of-band management. If a physical port has no references showing in Network -> Interfaces but still cannot be configured as an SD-WAN member, disable any Dedicated Management Port configuration.

High Availability clusters also include the out-of-band management option 'Reserved Management Interface'. Reserved management interfaces cannot be configured as an SD-WAN member.

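The checks above can also be run offline against the configuration backup the article recommends taking. The following Python script is an added example, not Fortinet's or the article's own code: it walks a FortiOS backup and reports every reference of the four blocking kinds (firewall policy, zone, switch/aggregate membership, dedicated or HA reserved management). The sample configuration is constructed for the example, though the table and attribute names are real FortiOS CLI names.

```python
import shlex

# Constructed sample in FortiOS backup syntax (table and attribute names are
# real FortiOS CLI names): port1 is in a policy, port4 in a zone, port6 in a
# software switch and port9 is the HA reserved management interface.
SAMPLE_CONFIG = """\
config system switch-interface
    edit "lan-sw"
        set member "port6"
    next
end
config system zone
    edit "dmz"
        set interface "port4" "port5"
    next
end
config firewall policy
    edit 1
        set dstintf "port1"
    next
end
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface "port9"
        next
    end
end
"""

def blocking_references(config_text, intf):
    # Returns the config objects that stop `intf` from becoming an SD-WAN member.
    scope, found = [], []  # scope = current nesting of config/edit names
    for raw in config_text.splitlines():
        tok = shlex.split(raw) or [""]  # shlex strips the quotes around names
        if tok[0] in ("config", "edit"):
            scope.append(" ".join(tok[1:]))
        elif tok[0] in ("next", "end") and scope:
            scope.pop()
        elif tok[0] == "set" and intf in tok[2:]:
            table, key = scope[0], tok[1]
            if table == "firewall policy" and key in ("srcintf", "dstintf"):
                found.append(f"firewall policy {scope[1]} ({key})")
            elif table == "system zone" and key == "interface":
                found.append(f"system zone {scope[1]}")
            elif table in ("system switch-interface", "system interface") and key == "member":
                found.append(f"switch/aggregate member of {scope[1]}")
            elif table == "system dedicated-mgmt" and key == "interface":
                found.append("dedicated management port")
            elif table == "system ha" and "ha-mgmt-interfaces" in scope and key == "interface":
                found.append("HA reserved management interface")
    return found
```

An empty result for an interface means none of the four reference types listed in this article is present in the backup, so the port should appear in the SD-WAN member Interface drop-down.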

Result:

After removing all conflicting references, the interface shows as available in the SD-WAN member Interface drop-down.

Note:

For simple configurations, the Interface Migration Wizard can update conflicting references automatically. See 'Technical Tip: How to add the interface in SD-WAN member without deleting references'.

Do not add an SD-WAN member when its gateway is in the firewall's IP pool list, as this could cause issues when installing the route to the kernel and lead to an outage. This SD-WAN configuration limitation will be enforced in the upcoming firmware v8.0.