
SD-WAN - Keep connectivity on newly active link without switching back to a recovered primary link

Hello Everyone,

just a quick question.

I have a simple SD-WAN rule in manual mode with manual preference, WAN 1 and WAN 2.

Both links are not reliable, so it happens that connectivity fails on WAN 2, and after a few minutes WAN 1 comes back and WAN 1 becomes the active link again.

This policy is configured for a very particular application that suffers when the public IP changes.

So, my goal is:

When WAN 2 becomes active and WAN 1 is restored after a failure, internet connectivity stays on WAN 2 until a new failover occurs.

Is this possible?

thank you

Living our FortiLife

If you do not have a preference for which WAN is used when, you could simply not have any SDWAN rules and then use either Source IP or source-destination IP for the Load balancing algorithm.  As long as you have "set update-static-route enable" on the performance SLA, it will remove the route and just go out the interface that is still there.


Existing sessions should stay where they already are and related traffic load balanced accordingly.




Hey disti,

thank you for your feedback.

Will this prevent the traffic to come back on WAN1 when this interface is back to available?

Living our FortiLife

No, new sessions and clients talking will go back to WAN1, but existing ones should stay on WAN2 until they end their sessions.


As I guessed... so this won't accomplish my goal (customer request).

anyway, thank you

Living our FortiLife

This is a little bit different of a setup, but it could work. It would require a lot of testing to make sure, but you could try the following:


1. Set up a link monitor or SD-WAN SLA monitor for both WAN ports with update-static-route enable.

2. Create both default routes with a distance of 10

3. Create an automation stitch that watches the logs for a link monitor or sdwan monitor failure.  Have it trigger a script that changes the distance to 5 on the wan port that is still healthy and sets the distance to 10 on the unhealthy wan port (in case it was previously unhealthy).  This way when the other wan link comes back up it will not be used because its route will have a distance of 10 and the other one has a distance of 5.  
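The three steps above written out as FortiOS CLI, added here as an example and not taken from the poster's own configuration. Everything concrete in it is an assumption: the interface names wan1/wan2, the gateways 203.0.113.1 and 198.51.100.1, the probe target 1.1.1.1, the event-log ID 22921 and the "Link monitor: Interface ... was turned down" message text used to trigger the stitch, and the `config fields` filter syntax of the event-log trigger, all of which must be checked against the log reference for the firmware in use (a test failover with `execute log filter` is the quickest way to read the real logid and msg). It also assumes the SD-WAN rule the original poster described is not steering this traffic, since the per-interface default routes below are plain static routes.

```text
# Added example, not from the thread; names, IPs, log ID and msg text are assumptions.
# 1) link monitors: update-static-route withdraws a failed link's default route, then restores it
config system link-monitor
    edit "mon-wan1"
        set srcintf "wan1"
        set server "1.1.1.1"
        set gateway-ip 203.0.113.1
        set update-static-route enable
    next
    edit "mon-wan2"
        set srcintf "wan2"
        set server "1.1.1.1"
        set gateway-ip 198.51.100.1
        set update-static-route enable
    next
end
# 2) both default routes start at the same distance, so neither link is preferred yet
config router static
    edit 1
        set device "wan1"
        set gateway 203.0.113.1
        set distance 10
    next
    edit 2
        set device "wan2"
        set gateway 198.51.100.1
        set distance 10
    next
end
# 3) on a failure, prefer the surviving link (5) and park the failed one (10); the
#    preference stays until the next failure event because recovery changes nothing
config system automation-action
    edit "prefer-wan2"
        set action-type cli-script
        set script "config router static
edit 1
set distance 10
next
edit 2
set distance 5
next
end"
        set accprofile "super_admin"
    next
    edit "prefer-wan1"
        set action-type cli-script
        set script "config router static
edit 1
set distance 5
next
edit 2
set distance 10
next
end"
        set accprofile "super_admin"
    next
end
# event-log trigger: logid 22921 and the msg text are ASSUMED, verify on your firmware
config system automation-trigger
    edit "wan1-down"
        set event-type event-log
        set logid 22921
        config fields
            edit 1
                set name "msg"
                set value "Link monitor: Interface wan1 was turned down"
            next
        end
    next
    edit "wan2-down"
        set event-type event-log
        set logid 22921
        config fields
            edit 1
                set name "msg"
                set value "Link monitor: Interface wan2 was turned down"
            next
        end
    next
end
config system automation-stitch
    edit "wan1-down-prefer-wan2"
        set trigger "wan1-down"
        config actions
            edit 1
                set action "prefer-wan2"
            next
        end
    next
    edit "wan2-down-prefer-wan1"
        set trigger "wan2-down"
        config actions
            edit 1
                set action "prefer-wan1"
            next
        end
    next
end
```

Two things to keep in mind when testing this. First, the cli-script action runs with the rights of the profile named in `accprofile`; super_admin is shown because it is the profile that certainly can edit `config router static`, but a dedicated profile limited to router configuration is the least-privilege choice for an automation that fires on an event an outside party can provoke by blackholing a probe. Second, if both links fail in quick succession, the last "down" event decides the preference, so the sequence of log events, not the current health of the links, is what the routing table ends up reflecting; that is the behaviour the poster asked for, but it is also why the third step asks for a lot of testing.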

