Hubertzv thanks for your reply. I think you got me onto the right path.
Alas I think session based is not the right decision since it does the same as volume based (which we had) just counting sessions instead of packets and distributing procentual by weight. This would not prevent the Loadbalancer from exhausting too much bandwith.
I've now changed it to use spillover and set the ingress/egress threholds for the lines so that the loadbalancer cannot exhaust all bandwith. In fact it can to on line 2 because that has the bigger bandwith and is only secondaryly used by tunnels. So atm its thresholts are at maximum. I thus set Line 1 (primary Wan for the tunnels) to threshold at half of its bandwith in/out (that is a symetric line!).
So accoarding to the descriptions at Fortinet Site internet traffic should not be able to use up more than this on that line.
I'll monitor that and see...
thanks so far.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams