Hi
I am following this page for SD-WAN setup for link failover: https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/990932/redundant-internet-with-sd-wan
I managed to get it working somehow; however, the behaviour is very strange:
1. ping 8.8.8.8 on my Mac, which is connected to the Fortigate via a physical wire
2. remove WAN 1
3. the ping command in (1) reports timeouts for more than 20 sec (the default SLA check is 5 failed attempts at a 1s interval)
4. I stopped the ping command and restarted ping again; now the ping succeeds.
So, every time, in order to fail over, I need to kill the ping session and restart it.
Is there any reason for this?
Yeah, if NAT is involved, existing sessions do not fail over. I was just reading that somewhere this morning.
Do you have below configured?
config system global
set snat-route-change enable
end
toshiesumi wrote: Do you have below configured?
config system global
set snat-route-change enable
end
Yes, still the same after enabling it:
64 bytes from 8.8.8.8: icmp_seq=23 ttl=114 time=61.837 ms
64 bytes from 8.8.8.8: icmp_seq=24 ttl=114 time=51.808 ms
64 bytes from 8.8.8.8: icmp_seq=25 ttl=114 time=25.729 ms
Request timeout for icmp_seq 26
Request timeout for icmp_seq 27
Request timeout for icmp_seq 28
Request timeout for icmp_seq 29
Request timeout for icmp_seq 30
Request timeout for icmp_seq 31
Request timeout for icmp_seq 32
Request timeout for icmp_seq 33
Request timeout for icmp_seq 34
Request timeout for icmp_seq 35
Request timeout for icmp_seq 36
Request timeout for icmp_seq 37
Request timeout for icmp_seq 38
Request timeout for icmp_seq 39
Request timeout for icmp_seq 40
Request timeout for icmp_seq 41
Request timeout for icmp_seq 42
Request timeout for icmp_seq 43
Request timeout for icmp_seq 44
Request timeout for icmp_seq 45
Request timeout for icmp_seq 46
Request timeout for icmp_seq 47
Request timeout for icmp_seq 48
Request timeout for icmp_seq 49
Request timeout for icmp_seq 50
Request timeout for icmp_seq 51
Request timeout for icmp_seq 52
^C (Killed)
--- 8.8.8.8 ping statistics ---
54 packets transmitted, 25 packets received, 53.7% packet loss
round-trip min/avg/max/stddev = 3.412/33.286/73.416/20.695 ms
MacBook-Pro:~ jacky$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=116 time=18.188 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=116 time=18.335 ms
I don't know what version of FortiOS you're running but I would open a ticket to ask TAC if this is expected behavior.
toshiesumi wrote: Do you have below configured?
config system global
set snat-route-change enable
end
Actually, there are questions not related to the setting itself:
1. Why is it not the default, like in other dual-WAN routers?
2. If a user is downloading a large file with the default *disable* option, would the user need to download it again?
I know only 6.0-6.2. But No. 1 is my question too: "Why not default?" A large file transfer is likely based on TCP, which would detect packet loss and initiate retransmission.