Problem with SD-WAN

joko · ‎08-02-2018

need Help,

problem SD-WAN connection on my firewall 60 D firmware v5.6.5 build1600 (GA),

I have 2 ISP connect to my Firewall, after i configure the SD-WAN, status on isp 2 Port WAN 2 Alwasy down, but when i check on interface WAN 2 status is up,

Dave_Hall · ‎08-03-2018

Screenshot isn't that clear. How are you doing the status checking or health checking on WAN2? - even with WAN2 connection up the fgt may be thinking the connection is down due to the settings for the status/health check. If you are using ping to google's DNS 8.8.8.8, make sure this IP is pingable on the WAN2 connection.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

joko · ‎08-03-2018

Hi dave,

sory for unclear pic,

How are you doing the status checking or health checking on WAN2?

By Ping To 8.8.8.8

If you are using ping to google's DNS 8.8.8.8, make sure this IP is pingable on the WAN2 connection

I test by Unplug ISP cable in Wan 1 reconfigure the config using 1 ISP on WAN 2 Ping to 8.8.8.8 Ok no problem

but if I change the server address SD-WAN Status Check to another address, wan 2 interface will be up but only about 10 seconds later it will come back down

and for your info, On Port WAN 1 i got dynamic ip address from isp, on wan 2 i have static ip from ISP

Thanks,

Hare the capture :

Dave_Hall · ‎08-03-2018

Are you able to create a WAN status check for WAN2 that is separate from the one used for WAN1?

Someone correct me if this is incorrect, but I always assumed for proper load-balancing the WAN connections should have the same distance/metric - it's the Load Balancing Algorithm that determines how traffic is dispersed.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

joko · ‎08-03-2018

hi dave,

I already solved this problem This morning, It because I need to Add gateway on port wan 2, becouse on port WAN 2 i have a static ip from my ISP and on port WAN 1 DHCP from my ISP :)

Thanks for your respond :)

Joko Purnomo

Dave_Hall · ‎08-03-2018

Funny you would say that - the routing monitor is usually the first place I would check for the distance/metric and see if the default routes are showing up. :)

joko wrote:
I already solved this problem This morning, It because I need to Add gateway on port wan 2, becouse on port WAN 2 i have a static ip from my ISP and on port WAN 1 DHCP from my ISP :)

Thanks for your respond :)

Joko Purnomo

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

neonbit · ‎08-04-2018

When using SD-WAN you will only need to create one default route (0.0.0.0/0) that points to your SD-WAN interface.

You then specify each interfaces next hop/gateway in the SD-WAN configuration. In your configuration they both have 0.0.0.0/0 which is used for interfaces that use DHCP. So you could just change the gateway for wan1 to the next hop and leave wan2 as 0.0.0.0/0.

alex_buric · ‎11-28-2019

Dave Hall wrote:
Funny you would say that - the routing monitor is usually the first place I would check for the distance/metric and see if the default routes are showing up. :)

Routing monitor shows two default route, but after 10-15 seconds default for WAN2 is dissapered

WarClock · ‎08-06-2018

Hola buenas tardes gente, quisiera saber como hago para poder ver el estado de mis dos ISP del Internet, en una interface SD-WAN cuando se me cae una yo necesito saber eso.. alguien me puede ayudar....

Google translate: Hello good afternoon people, I would like to know how I can see the status of my two Internet ISP, in an SD-WAN interface when I drop an I need to know that .. someone can help me ....

joko · ‎08-13-2018

go to network==> SD-wan Status Check

OR

Monitor ==> SD-WAN monitor