Routing information changed

DarkNareh · ‎11-22-2021

Message meets Alert condition
The following critical firewall event was detected: Routing information changed.
date=2021-11-22 time=17:18:52 devname= devid= eventtime= tz="-0400" logid="" type="event" subtype="system" level="critical" vd="root" logdesc="Routing information changed" name="Check_Office365" interface="wan2" status="down" msg="Static route on interface wan2 may be removed by health-check Check_Office365. Route: (X->Y http-down)"

ESCHAN_FTNT · ‎11-23-2021

Hi DarkNareh

This probably means that you have health-check or link-monitor to a specific server (should be http) and the server is failing.

pavankr5 · ‎09-07-2023

Hello @DarkNareh

This log entry is alerting you to a critical event where the routing information on the wan2 interface has changed, potentially due to a health-check operation named Check_Office365. The route in question appears to be related to HTTP traffic (http-down).

Please review the configuration of your firewall and routing settings to understand the changes that triggered this event. Verify whether the routing change was intentional or if it indicates a potential issue or misconfiguration

maulishshah · ‎09-10-2023

@DarkNareh, In addition to the previous reply the log stated the interface wan2 might be down and that is used for Microsoft. It could be possible the SDWAN is configured in your environment and it is load balancing the traffic.

Maulish Shah

mle2802 · ‎09-11-2023

Hi there,

In addition to previous reply, please refer to this document to verify link-monitor configuration "https://community.fortinet.com/t5/FortiGate/Technical-Tip-Link-monitor/ta-p/197504"