Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rezafathi
Contributor II

Created on ‎12-04-2023 11:00 PM Edited on ‎02-26-2024 05:40 AM By Community Manager

SD-WAN Manual Policy

Hi,

 

If I select manual mode on sd-wan policy, in what circumstances fortigate changes the wan1 to wan2?  As far as I know, there is no SLA in manual mode. So when the wan1 link has high latency and lots of packet loss, how it is going to change the WAN link?

Reza F.
Reza F.
Labels:
595
0 Kudos
1 Solution
kcheng
Staff
Staff
In response to rezafathi

Created on ‎12-05-2023 12:08 AM

Hi @rezafathi 

 

You do not have SLA configured for the SDWAN rule, but you should have performance SLA configured for the members of the interface to constantly ping external servers (for eg: 8.8.8.8). If the respective is having issue, it will fail the check and you should have "Update Static Route" enable so that it removes the default route to WAN1 from your routing table.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/580649/link-health-monitor

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

577
5 REPLIES 5
kcheng
Staff
Staff

Created on ‎12-04-2023 11:41 PM

Hi @rezafathi 

 

If you opt to use manual mode on SDWAN policy, the traffic will not failover to WAN2 until WAN1 is down if you have WAN1 as the highest entry on interface preference:

https://docs.fortinet.com/document/fortigate/7.2.6/administration-guide/723448

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
587
rezafathi
Contributor II
In response to kcheng

Created on ‎12-04-2023 11:58 PM

how the fortigate going to know when WAN1 is down ? As it does not use any SLAs.

Reza F.
Reza F.
583
0 Kudos
kcheng
Staff
Staff
In response to rezafathi

Created on ‎12-05-2023 12:08 AM

Hi @rezafathi 

 

You do not have SLA configured for the SDWAN rule, but you should have performance SLA configured for the members of the interface to constantly ping external servers (for eg: 8.8.8.8). If the respective is having issue, it will fail the check and you should have "Update Static Route" enable so that it removes the default route to WAN1 from your routing table.

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/580649/link-health-monitor

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
578
rezafathi
Contributor II
In response to kcheng

Created on ‎12-05-2023 12:27 AM

I created a performance SLA which pings 8.8.8.8 and selected all zone members and also set the SLA target. So is this all required for WAN failover in manual mode?

Reza F.
Reza F.
570
0 Kudos
kcheng
Staff
Staff
In response to rezafathi

Created on ‎12-05-2023 12:35 AM

Hi @rezafathi 

 

Yes, the respective would work as a link monitor to monitor the health of WAN1 and WAN2.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
565
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.