jackt
New Contributor

Internet SLA didn't work

Hello,

I have a setup with SD-WAN where I have multiple sites; on one of the sites I have two ISP connections.

To make failover possible, I created an Internet SLA.

 

So I created this in SD-WAN -> Performance SLAs

[Attached screenshot: Zrzut ekranu 2024-12-20 123013.png]

Last week wan2, which was the active link, went down (the ISP told me they cut the fiber cable during some repairs on the street).

 

The problem is that the failover didn't work and I needed to move the SD-WAN VPNs manually to the wan1 link.

 

What am I doing wrong here?

kgeorge
Staff

Hello @jackt,

 

I believe this might help you:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configure-IPsec-VPN-with-SD-WAN/ta-p/20984...

 

Kindly check if this topology matches yours and make the necessary changes accordingly for failover to happen as expected.

 

Have a nice day!

 

 

Regards,
Klint George
jackt
New Contributor

Hi,

Unfortunately, my topology is much different than the one in the example.

 

The problem is that I inherited this setup and am not sure if everything has been set correctly.

 

I have two HUBs which this firewall is connecting to. This is the main difference.

[Attached screenshot: Zrzut ekranu 2024-12-24 095956.png]

The wan2 link being down didn't switch the VPN interface to wan1, which is up.

 

The only setting I suspect may be the reason for it is "Update static route", which is disabled in the VPNs performance SLA. But I'm not sure.

[Attached screenshot: Zrzut ekranu 2024-12-24 100234.png]
