I have two internet connections and am using SD-WAN with a 75% - 25% session load algorithm. I'm having issues with certain financial websites because my outbound NAT IP is changing in the middle of a browsing session. For example, a user goes to www.bank.com with the WAN1 address and after logging into the website the FortiGate starts using WAN2 for www.bank.com. The website detects a new IP address and logs the user out. This happens even though WAN1 and WAN2 are both up. I know I can build an SDWAN rule to force the interface for connections to www.bank.com, but this only seems to be happening on a couple of my FortiGate units. I don't have this problem everywhere, so I'm curious if anyone else has run into this issue.
What is the method of load balancing you are using for SDWAN? If you could share the output from:
config system sdwan
show
This would be helpful. More than likely you have two links that are very similar in quality and have the SDWAN set up to best quality, so it flips every time there is a slight change in who is primary.
Copyright 2024 Fortinet, Inc. All Rights Reserved.