Hi,
If I select manual mode on sd-wan policy, in what circumstances fortigate changes the wan1 to wan2? As far as I know, there is no SLA in manual mode. So when the wan1 link has high latency and lots of packet loss, how it is going to change the WAN link?
Solved! Go to Solution.
Hi @rezafathi
You do not have SLA configured for the SDWAN rule, but you should have performance SLA configured for the members of the interface to constantly ping external servers (for eg: 8.8.8.8). If the respective is having issue, it will fail the check and you should have "Update Static Route" enable so that it removes the default route to WAN1 from your routing table.
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/580649/link-health-monitor
Hi @rezafathi
If you opt to use manual mode on SDWAN policy, the traffic will not failover to WAN2 until WAN1 is down if you have WAN1 as the highest entry on interface preference:
https://docs.fortinet.com/document/fortigate/7.2.6/administration-guide/723448
how the fortigate going to know when WAN1 is down ? As it does not use any SLAs.
Hi @rezafathi
You do not have SLA configured for the SDWAN rule, but you should have performance SLA configured for the members of the interface to constantly ping external servers (for eg: 8.8.8.8). If the respective is having issue, it will fail the check and you should have "Update Static Route" enable so that it removes the default route to WAN1 from your routing table.
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/580649/link-health-monitor
I created a performance SLA which pings 8.8.8.8 and selected all zone members and also set the SLA target. So is this all required for WAN failover in manual mode?
Hi @rezafathi
Yes, the respective would work as a link monitor to monitor the health of WAN1 and WAN2.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.