rcarreras
New Contributor III

SD WAN enters in conservative mode for too much traffic

Hello,

I have a FortiGate 200E with 3 WAN links grouped in an SD WAN virtual interface. The firewall is running FortiOS 5.6.3. The firewall is used for wifi internet access.

Today the firewall has dropped SD WAN links with this message:

The member(6) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

The member(3) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

The member(4) enters into conservative status with limited ability to receive new sessions for too muchtraffic.

After a few minutes the SD WAN link recovered and is working fine again.

The firewall is OK with RAM and CPU resources, almost always below 20%; only App control is used (no Antivirus, Web filtering, IPS, ...).

We have between 10000 and 50000 IP sessions shared over the SD WAN interfaces. In order to minimize sessions in the firewall we use recursive DNS on the internal firewall interfaces, so the clients do not open thousands of DNS sessions.

We have opened a support ticket, but are waiting for a reply.

Any idea with this issue?

Best regards,

Ricard

mahesh_secure
Contributor

Hi,

Check whether any system is infected with a botnet. This may create a lot of sessions to the internet.

Regards,
Mahesh

SMabille

Hi,

Did you open a ticket or get any explanation for this?

Starting to experience the same behavior on 6.0.0 on a 60E in the lab, very low session numbers (~500), no memory or CPU peak at all.

Wondering if it's not an attempt/way to force balancing between the members based on volume rules.

Thanks,

Stephane

akileshc
Staff

Hello Ricard,

This particular error would be observed when the SD_WAN member/interface has consumed all its allocated volumes (based on the measured-volume load balance algorithm) and the system has to find other members to accept the new sessions (so the system can keep the volume balanced).

In your case, the SD_WAN members (6/3/4) consumed all their allocated volumes and entered this status. This represents an informative message about changing the WAN link for the next sessions. Since this works based on the predefined algorithm, we could overcome this scenario by identifying the maximum session-initiating sources and creating specific SD_WAN rules with other members/interfaces, to make sure that the sessions are also load balanced to another SD_WAN member.

For more information please refer to the below link:
http://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/SD-WAN/SD-WAN_load_balanci...
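
Added example, not part of the thread and not Fortinet code: a Python sketch that scans exported event logs for the message quoted in the question and reports the moments when every SD-WAN member went conservative within one minute, as members 6, 3 and 4 did. The `date=`/`time=`/`msg=` layout, the timestamps and the function names are constructed assumptions; adapt the parsing to your own export.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Message text as quoted in the thread; tolerates "muchtraffic" and "much traffic".
EVENT = re.compile(r"The member\((\d+)\) enters into conservative status.*too much\s*traffic")
STAMP = re.compile(r"date=(\S+) time=(\S+)")  # assumed export layout

MSG = ("The member({}) enters into conservative status with limited ability "
       "to receive new sessions for too muchtraffic.")
# Constructed sample log lines (not taken from a real device).
SAMPLE = "\n".join([
    'date=2018-05-14 time=10:02:11 msg="' + MSG.format(6) + '"',
    'date=2018-05-14 time=10:02:12 msg="' + MSG.format(3) + '"',
    'date=2018-05-14 time=10:02:12 msg="' + MSG.format(4) + '"',
    'date=2018-05-14 time=10:09:40 msg="Unrelated event"',
    'date=2018-05-14 time=14:30:05 msg="' + MSG.format(3) + '"',
])

def parse_events(text):
    """Return sorted (timestamp, member_id) pairs for conservative-status events."""
    events = []
    for line in text.splitlines():
        hit, ts = EVENT.search(line), STAMP.search(line)
        if hit and ts:
            when = datetime.strptime(" ".join(ts.groups()), "%Y-%m-%d %H:%M:%S")
            events.append((when, int(hit.group(1))))
    return sorted(events)

def per_member(events):
    """Count events per member; a single member firing often points at skewed rules."""
    return Counter(member for _, member in events)

def saturation_windows(events, members, window=timedelta(seconds=60)):
    """Start times at which all `members` entered conservative status within `window`."""
    hits = []
    for i, (start, _) in enumerate(events):
        seen = {m for when, m in events[i:] if when - start <= window}
        if seen >= set(members) and (not hits or start - hits[-1] > window):
            hits.append(start)
    return hits

if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    print(dict(per_member(evts)))
    for t in saturation_windows(evts, {3, 4, 6}):
        print("all members conservative around", t.isoformat())
```

A window in which all members saturate together is the case worth alerting on, since no member is left to take new sessions; an isolated single-member event is the informational rebalancing described in the staff reply.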