I've got a customer who has a phone system which uses WAN2 and only works on this port. So I set a rule manually selecting WAN2. In case of a failure it switches to WAN1, on which the system doesn't work and it doesn't automatically switch back, even if WAN2 is back on.
Is there a way that it doesn't switch to WAN1? And if not, why doesn't it switch back to WAN2?
You might configure the SD-WAN rules so that the rules don't match traffic coming from your phone system. Then make sure there is only a rule for WAN2 that matches traffic from the phone system and only has WAN2 as interface. Then only this traffic can hit this rule and it cannot do failover because all other ones don't match.
You have to do it this way because there always is the explicit SD-WAN rule that matches all traffic that ain't matched by any other rule (just like the explicit deny in policies does).
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
So now I made an address group with an exception for the phone system and set the "all" SD-WAN rule to that group as source. Now the phone system isn't in any other rule as source than the one with the manual WAN port. Is that the way it should work?
as long as that is the first rule that matches the phone system it should work.
sd-wan rules are handled like policies: top down - first match wins the traffic :)
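The layout the two replies above describe (a dedicated WAN2-only rule for the phone system, and a catch-all rule whose source excludes it), written out as a constructed FortiOS 7.x CLI example. This is not configuration from the thread or from Fortinet; the object names, the 192.0.2.10 address and the member sequence numbers are assumptions, and the address-group exclusion syntax should be checked against your FortiOS version.

```text
# Constructed example, not from the thread. FortiOS 7.x CLI; names and
# addresses are placeholders. WAN2 is assumed to be SD-WAN member 2.

config firewall address
    edit "PHONE_SYSTEM"
        set subnet 192.0.2.10 255.255.255.255
    next
end

# Source object for the catch-all rule: everything except the phone system,
# so the catch-all rule can never claim the phone traffic.
config firewall addrgrp
    edit "ALL_BUT_PHONE"
        set member "all"
        set exclude enable
        set exclude-member "PHONE_SYSTEM"
    next
end

config system sdwan
    set status enable
    config members
        edit 1
            set interface "wan1"
        next
        edit 2
            set interface "wan2"
        next
    end
    config service
        # Rule 1 (evaluated first): phone system, WAN2 as the only member.
        edit 1
            set name "PHONE_WAN2_ONLY"
            set mode manual
            set src "PHONE_SYSTEM"
            set dst "all"
            set priority-members 2
        next
        # Rule 2: everyone else, WAN2 preferred with WAN1 as fallback.
        edit 2
            set name "ALL_OTHER"
            set mode manual
            set src "ALL_BUT_PHONE"
            set dst "all"
            set priority-members 2 1
        next
    end
end
```

Rules are matched top down, so keep the phone rule above the catch-all; `diagnose sys sdwan service` on 7.x lists the rules in evaluation order with the member each one currently selects, which is the quickest way to confirm the phone traffic is hitting rule 1.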
Hi Daniel,
To provide you the best answer, we would need more information about the actual topology.
As a starting point, can you check if the following KB matches your setup?
It works now with the phone system excluded from the "all" rule. Thank you very much!