Hello,
This is now happening for the second time with 2 different FG60 clusters. We have support tickets open but so far no solution.
This time we had a 7.4.4 SD-WAN configuration that had been working fine for at least 3 months. Today we updated to 7.4.5 (we had a conserve mode issue) and right away we got problems with the SLA Performance, and since it puts down the WAN2 interface I only have read-only access from the FortiCloud. I can access via WAN1 and the MPLS but I am not in the office now.
We had standard SLA performance rules:
1. Cloudflare ping to 1.1.1.1
>WAN1 OK
>WAN2 DOWN
2. Default DNS ping to FG DNS
>WAN1 OK
>WAN2 OK
3. Google Ping to 8.8.8.8
>WAN1 OK
>WAN2 DOWN
I really don't understand. I see in FortiView that there are 500 sessions over WAN2 to the internet, it is working but since SLA performance kills the route, I don't have access from outside to the public IP.
What is the issue? Anybody else with the same problem? Any suggestions?
Thanks!
Hello @RolandBaumgaertner72
FortiView showing 500 active sessions over WAN2 indicates that traffic is indeed passing through WAN2, but the SLA might incorrectly flag the WAN as down due to intermittent performance issues.
You can also check out the documents below.
Please refer to this article for Performance SLA troubleshooting: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-SD-WAN-performance-SLA-down/ta-p/217...
Regards,
Hi,
This is what I get with SD-WAN health:
>>>> # diagnose sys sdwan health-check
Health Check(Default_DNS):
Seq(1 wan1): state(alive), packet-loss(1.000%) latency(35.677), jitter(5.860), mos(4.379), bandwidth-up(988267), bandwidth-dw(961331), bandwidth-bi(1949598) sla_map=0x1
Seq(2 wan2): state(alive), packet-loss(0.000%) latency(40.103), jitter(6.450), mos(4.377), bandwidth-up(999789), bandwidth-dw(999997), bandwidth-bi(1999786) sla_map=0x1
Health Check(Cloudfare):
Seq(1 wan1): state(alive), packet-loss(0.000%) latency(8.253), jitter(0.823), mos(4.399), bandwidth-up(988267), bandwidth-dw(961331), bandwidth-bi(1949598) sla_map=0x0
Seq(2 wan2): state(dead), packet-loss(100.000%) sla_map=0x0
Health Check(Google):
Seq(1 wan1): state(alive), packet-loss(0.000%) latency(4.060), jitter(0.736), mos(4.402), bandwidth-up(988267), bandwidth-dw(961331), bandwidth-bi(1949598) sla_map=0x1
Seq(2 wan2): state(dead), packet-loss(100.000%) sla_map=0x0
I am 100% sure that the WAN2 is working fine but due to the SLA performance tests it is shut down.
Besides, the 2 SLA rules are with Cloudflare Ping and Google HTTP, it is impossible that we can't reach that from wan2.
Any suggestions?
Thanks!
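An added example, not part of any poster's reply and not Fortinet code: a small parser for output in the shape of `diagnose sys sdwan health-check` that lists members reported dead by some health checks and alive by others, which is the pattern in the output above. The sample text is constructed and trimmed to the fields the parser reads; the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the `diagnose sys sdwan health-check` output quoted above.
SAMPLE = """\
Health Check(Default_DNS):
Seq(1 wan1): state(alive), packet-loss(1.000%) latency(35.677), jitter(5.860), sla_map=0x1
Seq(2 wan2): state(alive), packet-loss(0.000%) latency(40.103), jitter(6.450), sla_map=0x1
Health Check(Google):
Seq(1 wan1): state(alive), packet-loss(0.000%) latency(4.060), jitter(0.736), sla_map=0x1
Seq(2 wan2): state(dead), packet-loss(100.000%) sla_map=0x0
"""

CHECK_RE = re.compile(r"^Health Check\(([^)]+)\):")
MEMBER_RE = re.compile(r"^Seq\(\d+\s+([^)]+)\):\s*state\((\w+)\).*?packet-loss\(([\d.]+)%\)")


def parse_health_check(text):
    """Return {member: {check_name: (state, packet_loss_percent)}}."""
    results, check = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # tolerate pasted quote markers
        m = CHECK_RE.match(line)
        if m:
            check = m.group(1)
            continue
        m = MEMBER_RE.match(line)
        if m and check is not None:  # ignore member lines with no preceding header
            member, state, loss = m.groups()
            results.setdefault(member, {})[check] = (state, float(loss))
    return results


def inconsistent_members(results):
    """Members that are dead on some health checks but alive on others."""
    report = {}
    for member, checks in results.items():
        dead = sorted(n for n, (s, _) in checks.items() if s != "alive")
        alive = sorted(n for n, (s, _) in checks.items() if s == "alive")
        if dead and alive:
            report[member] = {"dead": dead, "alive": alive}
    return report


if __name__ == "__main__":
    for member, r in inconsistent_members(parse_health_check(SAMPLE)).items():
        print(f"{member}: dead on {r['dead']}, alive on {r['alive']}")
```

A member that appears in this report answers at least one probe, so the failing checks' servers, protocol and source interface are what to compare next.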
Hello Team,
You can try to ping with ping-option source and try to ping 8.8.8.8 with WAN2.