I hope someone else has experienced this issue and has found a solution to my problem. We are trying to set up an SD-WAN interface on a Fortigate 80E with WAN1 configured as a manual or static interface and WAN2 configured as a PPPoE interface. The issue we are having is that when we have both connections active, we are unable to get out. However, if we disconnect the WAN1 interface, the connection over PPPoE (WAN2) does get out.
The firmware version we are running is v6.0.6 Build0272 (GA).
Has anyone else experienced this issue? Any insight is appreciated!
Hi,
I think this sounds like it is an issue with routing distances and priorities.
If I recall correctly, a statically assigned interface is "preferred" (shorter distance / high priority) over a PPPoE interface. So I would start by checking you have got those correctly set up. Check the routing tables etc.
SD-WAN should allow you to configure both paths to be used according to the metric you choose, e.g. use one for primary and one for failover, load balance across both, etc.
I've just done a quick Google search and there are plenty of discussions about these topics in the Forum, so perhaps try that too and see if you can see anything helpful?
The Fortinet docs site (https://docs.fortinet.com/) has pretty good coverage of SD-WAN too, just in case you weren't aware of it.
Hope that helps.
Kind Regards,
Andy.
Hi Andy,
Thanks for the reply. I looked at the distance/priority for both interfaces and it doesn't appear that I have the ability to set these on the static interface but did notice on the PPPoE interface that I have a distance of 10 and priority of 0.
I'll keep looking to see if I can find a resolution.
I am aware of Fortinet Docs...I used the link below as a guide for configuration.
Thanks,
Khien
You would set it via the static route section on the FortiGate.
For the dynamic interface (where it pulls an IP dynamically versus having it statically set) you would set the distance and priority on the interface itself.
The way it works is that DHCP interfaces default to a specific AD / PRIORITY, and that is based on the interface-specific setting for those metrics, which you can view by going to config system interface > edit INTERFACENAME > get
Mike Pruett
Thanks for the reply. I currently have one static route for the SD-WAN interface with this configuration. Should I have a static route for each WAN interface as well?
DRM-OFFICE # conf router static
DRM-OFFICE (static) # edit 1
DRM-OFFICE (1) # get
seq-num : 1
status : enable
dst : 0.0.0.0 0.0.0.0
distance : 1
comment :
virtual-wan-link : enable
You do not need to modify the routes; iirc a thread was raised about this and dual PPPoE interfaces not working. If I recall, if you add a 2nd one, it eliminates the routes from the 1st PPPoE interface or something like that. You might do some searching and raise a ticket with support. I would also update your FGT to the latest version.
Ken Felix
PCNSE
NSE
StrongSwan
Thanks for the reply. I only have one PPPoE interface and will keep looking for a resolution.
Perhaps try enabling dynamic-gateway for WAN2. Not sure you would also need to set distance and priority, though.
config router static
edit 0
set device "wan2"
set dynamic-gateway enable
next
end
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Thanks for the help from everyone but I was able to get the issue resolved. Turned out to be Performance SLA configuration which I assumed was optional.