I found on our FortiWiFi 60E FortiOS v6.4.4 build1803 the following lines:
As you can see, all traffic from the LAN subnet is already routed to wan2 by policy 39.
So how is a hit count (>0) possible for policy 35?
(I cleared all hit counts before I took the above snapshot.)
Do you have any link monitors or sdwan performance checks that are set to remove routes when there is a failure?
If you clear all sessions on the firewall do you see the same behavior? Could be an existing session using wan1 still.
di sys session clear
Thanks for replying.
Link-monitor: did you mean the Performance SLA screen? No, there is nothing there.
I checked it after I did a restart. I suppose that's equivalent to clearing sessions.
Could you share the configuration you have from the CLI of the link-monitor?
yyy-j2 $ show full-configuration system link-monitor
config system link-monitor
end
yyy-j2 $ diagnose sys link-monitor status
yyy-j2 $
yyy-j2 $
Sorry, without seeing the full configuration and running some diag debug flow filter commands to see the decisions that are being made by the FortiGate, it would be hard to give a definitive answer. Your best bet may be to open a TAC case to help better understand it.