Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
New Contributor II

SD WAN Rules - Redirecting traffic via one WAN Access

Hello,

 

I have a problem with SD WAN Rule.FG100F with 6.4.10 and SD WAN with 3 x WAN and balancing over all 3 WANs. We need to access ariba from SAP and the user gets always the message that he previously connected with another IP and so his session gets closed.

 

We created for this one user a SD WAN Rule (we only have 2 IPs we get from the first connect and than the redirect) over ONE fix WAN and also the policy over the same WAN access. I can see HIT counts in the SD WAN rule and also traffic in the policy BUT we still get the message and the disconnect.

 

I am not 100% sure that only this user access to the system (there are like 50 remote users and maybe 1-2 of them also uses this system) but anyway we have a big problem since the customer needs this access and before we had quite some issues with SD WAN.

 

Is there anything more we have to consider to route this traffic via SD WAN Rule? We configure with best Quality and Internet Preference only using this WAN access.

 

Thanks!

3 REPLIES 3
sw2090
Honored Contributor

Did you ensure the correct order for your sdwan rules? They match top-down just like policies do. So you rule for that service must come first.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
RolandBaumgaertner72
New Contributor II

Hi,

 

yes sure, the SD WAN rule is on top ;)

 

Thanks

gfleming
Staff
Staff

Is the message implying that the user is already connected using a different IP or that he has previously connected using a different IP?

 

If SAP only allows one user to connect using ONE IP address, ever, then you might need to talk to SAP and tell them which IP it will be as they might still have the previous IP on record from before you made the SD-WAN rule changes...

Cheers,
Graham
Top Kudoed Authors