sw2090
Honored Contributor

Bug in SDWAN SLA?

I just had the following incident:

On a FGT 100E sd-wan is active and used for internet. There is SD-WAN SLA configured for each interface in sd-wan to check link health. Worked fine so far.

There used to be 4 interfaces in sd-wan and sd-wan SLA. One is deactivated in sd-wan always (should only be used by sd-wan when all others are down).

Now I added a new interface to SD-WAN (and SD-WAN SLA) which still does not have an internet connection. I did this plenty of times with no problems. This time SD-WAN behaved differently.

Even though the health check marked the link as down correctly, SD-WAN started using it and it got sessions for no use.

On all other FGTs we have, SD-WAN does not do so. If a link is down it is not used.

Does anyone have a clue why it behaves so differently here?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Toshi_Esumi
Esteemed Contributor III

If you posted what version of FortiOS you're running, that might trigger some responses.

sw2090
Honored Contributor

Oh sorry, forgot to mention that:

It runs FortiOS 6.0.9

Btw:

Even a flapping link is not an explanation, for we had that a couple of days ago in a shop too, and there we encountered no such problems.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

ShawnZA

Had the same issue on 6.2 a few weeks back. Added a 3rd link to the SD-WAN setup, even marked as disabled under the Members list. Had an SLA showing the link down as well... but all hell broke loose as the firewall tried to route traffic out over the disabled interface, not even enabled... The only way to solve it was to remove the disabled member from under the SD-WAN member list.

sw2090
Honored Contributor

OK, ShawnZA's answer showed me that this might be some issue with SD-WAN or SD-WAN SLA indeed. I have opened a ticket with TAC now to have them check on this.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
