I just hat the following incident:
On a FGT 100E sd-wan is active and used for internet. There is SD-WAN SLA configured for each interface in sd-wan to check link health. Worked fine so far.
There used to be 4 interfaces in sd-wan and sd-wan SLA. One is deactivated in sd-wan always (should only be used by sd-wan when all others are down).
Now I added a new Interface to sdwan (and SD-WAN SLA) which still does not have an internet connection. I did this plenty of times with no problems. This time sd-wan behaved different.
Even though the Health Check marked the Link as down correctly, sd-wan started using it and it got sessions for no use.
On all other FGT we have SD-WAN does not do so. If a link is down it is not used.
Does anyone have a clue why it behaves so different here?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you posted what version of FortiOS you're running, that might trigger some responses.
oh sorry forgot to mention that:
it runs FortiOS 6.0.9
Btw:
even flappling link is not an explanation for we had that a couple of days ago in a shop too and there we encountered no such problems.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Had the same issue on 6.2 a few weeks back. Added a 3rd link to the SD-WAN setup, even marked as disabled under the Members list. Had a SLA showing the link down as well.... but all hell broke loose as the firewall tried to route traffic out over the disabled interface, not even enabled.... Only way to solve it was to remove the disabled member from under SDWAN member list.
ok ShawanZA's answer showed me that this might be some issue with SD-WAn or SD-WAN SLA indeed. I have opened a ticket with TAC now to have them check on this.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.