Fortinet Forum
ellocodelacommencal

When the dynamic route changes, sessions are kept on the wrong interface.

Hi there!


We have version 6.4.5 installed on our FWG100F.


I have configured dynamic routing through BGP and am using a performance SLA to our data center over two paths (optical fibre and an IPsec tunnel).

When the fibre (main) goes down, the secondary route (the IPsec tunnel) comes up correctly, but when the main line recovers, the firewall keeps the old sessions going out through the wrong (standby) interface and they do not work correctly.


Researching, I have read that this can be solved for NAT connections by enabling "snat-route-change", but in our case the sessions are not NATed, being internal communication. We have tested it and it works, but obviously we can't use it, since it is internal communication and we always need to be able to see the origin of the communications.


Does anyone know what could be going on? I've read that others don't have the same problem for IPsec sessions with performance SLA without NAT.

I appreciate any advice!
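For readers following this thread, here is the FortiOS CLI around the setting discussed in the post, together with the diagnose commands used to check which interface existing sessions are still bound to after fail-back. This is an added example, not something posted by the original author or taken from Fortinet documentation; interface names and the destination address are assumed for illustration.

```text
# FortiOS 6.4 CLI (added example, not from the original post).
# Destination address and interface names below are assumed.

# 1. The setting the poster tested. It re-evaluates the route of SNAT
#    sessions when the routing table changes. Sessions without NAT are
#    not affected by it, which is the situation described in the post.
config system global
    set snat-route-change enable
end

# 2. Confirm that the SD-WAN member (the fibre link) has recovered in the
#    health check and is no longer marked dead.
diagnose sys sdwan health-check

# 3. Confirm that the routing table now prefers the fibre member again.
get router info routing-table all

# 4. Inspect existing sessions to a data-center host (assumed 10.10.0.50)
#    and look at the "dev=" and "gwy=" fields of each session: a session
#    that still shows the IPsec tunnel after the fibre has recovered is
#    the symptom described above.
diagnose sys session filter clear
diagnose sys session filter dst 10.10.0.50
diagnose sys session list

# 5. Manual workaround: clear the filtered sessions so that they are
#    re-created on the current best route. This drops the matching flows,
#    so keep the filter as narrow as possible before running it.
diagnose sys session clear
diagnose sys session filter clear
```

Step 5 is a one-off fix for stuck sessions, not a solution: every fail-back would need it again, and clearing sessions interrupts the internal traffic the poster wants to preserve.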


Anonymous

Hello,


Can you confirm whether you have also configured SD-WAN?

ellocodelacommencal

Hello! Thanks for your reply.

Yes, I'm using SD-WAN with the interface of the main circuit participating in the performance SLA.

When it goes down, the standby circuit comes up correctly, but when the main circuit comes back up, the routes go to the main circuit while the sessions are still running through the standby interface and do not work.