Hi, guys,
I am using Ftg400E HA with FortiOS v7.0.3.
Three internet lines are configured in the Ftg400E and formed into "SDWAN for internet access"; the SDWAN rule is using "maximize bandwidth mode", so three lines are sharing the internet traffic loading.
Recently, "internet line B and line C" are found unstable, while internet A is working well; hence I intend to configure internet line A and B still running in maximize bandwidth mode (load-balance mode), while line C is configured as hot-standby line.
I tried it this way, but it failed (still three lines running in round-robin mode):
1. SDWAN rule is still using "Maximize bandwidth mode"
2. but limited 2 lines for load-balanced
3. configured line C with higher cost value
Configuration:
====================
Forti400e_01 # show sys sdwan
config system sdwan
    set status enable
    set load-balance-mode source-dest-ip-based
    config zone
        edit "virtual-wan-link"
        next
        edit "SASE"
        next
        edit "Access_to_Internet"
        next
        ....
    end
    config members
        edit 1
            set interface "port2"
            set zone "Access_to_Internet"
            set gateway 203.15.105.97
        next
        edit 2
            set interface "port3"
            set zone "Access_to_Internet"
            set gateway 112.84.27.1
        next
        edit 3
            set interface "port4"
            set zone "Access_to_Internet"
            set gateway 104.118.6.225
            set cost 10
        next
Status checking:
====================================
Forti400e_01 # diag sys sdwan member
Member(1): interface: port2, flags=0x0 , gateway: 203.15.105.97, priority: 0 1024, weight: 0
Member(2): interface: port3, flags=0x0 , gateway: 112.84.27.1, priority: 0 1024, weight: 0
Member(3): interface: port4, flags=0x0 , gateway: 104.118.6.225, priority: 0 1024, weight: 0
.......
Forti400e_01 # get sys sdwan
status : enable
load-balance-mode : source-dest-ip-based
speedtest-bypass-routing: disable
duplication-max-num : 2
.......
Forti400e_01 # diag sys sdwan service
........
Service(1): Address Mode(IPV4) flags=0x200 use-shortcut-sla
Gen(1), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance hash-mode=round-robin)
Members(3):
1: Seq_num(1 port2), alive, sla(0x1), gid(2), num of pass(1), selected
2: Seq_num(2 port3), alive, sla(0x1), gid(2), num of pass(1), selected
3: Seq_num(3 port4), alive, sla(0x1), gid(2), num of pass(1), selected
Src address(1):
0.0.0.0-255.255.255.255
Dst address(1):
0.0.0.0-255.255.255.255
Forti400e_01 # diag firewall proute list
list route policy info(vf=root):
.........
id=2134900737(0x7f400001) vwl_service=1(Access_to_Internet) vwl_mbr_seq=1 2 3 dscp_tag=0xff 0xff flags=0x10 load-balance hash-mode=round-robin tos=0x00 tos_mask=0x00 protocol=0 sport=0-65535 iif=0 dport=1-65535 path(3) oif=10(port2) num_pass=1 oif=11(port3) num_pass=1 oif=12(port4) num_pass=1
source(1): 0.0.0.0-255.255.255.255
destination(1): 0.0.0.0-255.255.255.255
hit_count=22790680 last_used=2022-08-30 00:10:01
===================================================
Any suggestion/recommendation?
Many thanks
BensonLEI
Dear Customer,
You can follow this link for the Maximum bandwidth:
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/708464/maximize-bandwidth-sl...
You can also set the interface preference as link A
Hi, nnair,
If the interface preference is only set as "link A", does it mean only "Link A" participates in the SDWAN rule (maximize balance mode), thx? Or is there any more information for this item "interface preference", thx?
Hello,
If you use all 3 links in the SDWAN maximize-bandwidth rule, it will still be load-balanced between all 3 links. You will need to create 2 rules:
- first rule: your current maximize-bandwidth rule, but remove link C
- second rule: probably manual, with link C as the only link in the rule.
And you will need to enable SLA on health-checks to know when links are considered bad and not to be used in the first rule. If both LinkA and LinkB are bad, then link C will be used.
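The two-rule layout described in the answer above, written out as FortiOS 7.0 CLI. This is an added example, not configuration posted in the thread: it assumes lines A and B are members 1 and 2 and line C is member 3, and the health-check name, probe server and SLA thresholds are placeholders to replace.

```fortios
config system sdwan
    config health-check
        # "Internet_HC" is a hypothetical name; 192.0.2.1 is a placeholder probe target
        edit "Internet_HC"
            set server "192.0.2.1"
            set members 1 2 3
            config sla
                edit 1
                    # constructed thresholds: latency in ms, packet loss in percent
                    set link-cost-factor latency packet-loss
                    set latency-threshold 150
                    set packetloss-threshold 5
                next
            end
        next
    end
    config service
        # Rule 1: maximize bandwidth across A and B only, gated by the SLA above
        edit 1
            set mode load-balance
            set src "all"
            set dst "all"
            config sla
                edit "Internet_HC"
                    set id 1
                next
            end
            set priority-members 1 2
        next
        # Rule 2: manual rule with line C as its only member (the standby path)
        edit 2
            set name "Standby_C"
            set mode manual
            set src "all"
            set dst "all"
            set priority-members 3
        next
    end
end
```

After applying it, `diag sys sdwan service` should list only port2 and port3 under `Members` for service 1, with port4 appearing only in service 2.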
Created on 09-02-2022 12:50 AM Edited on 09-02-2022 12:54 AM
We need a rule for link C is hot-standby