Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
NetAdmin1229
New Contributor

FortiGate61E or F needs to be rebooted to restore its connection to WAN1

We are having to periodically reboot our FortiGates to restore its connection to WAN1 after it has failed-over to WAN2. The service to the ISP modem that is connected to WAN1 appears to drop momentarily and restores on its own or restores after the ISP modem is rebooted but the FortiGate will not reconnect to WAN1 unless the FortiGate is rebooted. 

 

FortiIOS Firmware v6.4.5

WAN1 and WAN2 are configured for DHCP

 

The following is the SLA and WAN-Failover we currently use in our configuration:

 

config health-check
edit "Internet SLA"
set server "63.97.252.225" "97.105.87.100"
set interval 1000
set failtime 60
set recoverytime 180
set members 0
config sla
edit 1
set latency-threshold 500
set jitter-threshold 500
set packetloss-threshold 10
next
end
next
end
config service
edit 1

 

set name "WAN-Failover"
set mode sla
set dst "all"
set src "Local Store"
config sla
edit "Internet SLA"
set id 1
next
end
set priority-members 1 2

1 REPLY 1
vsahu
Staff
Staff

As per the configuration of the SDWAN rule, the member that meets SLA targets is selected. When there is a tie, the member with the lowest assigned cost is selected.

So in the member configuration have you defined the cost? also, how you are doing the test? 

Because by default  when there's a routing change, established sessions with SNAT keep using the same outbound interface, as long as the old route is still active or they expire (even though the route is no longer the best)

If you do check what is my IP in the private window of the browser when the WAN1 is back up, which IP it shows can you confirm this?

You can enable SNAT route change it will help in fast failover because When 'seat-route-change' is enabled, after a routing change, routing information is flushed from existing SNAT sessions. So, the existing SNAT sessions can use the new best route.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-SNAT-route-change-to-update-existing...

Regards,
Vishal
Labels
Top Kudoed Authors