My team has been deploying a lot of SDWan lately with DIA and Broadband circuits. We have a couple of sites that have frequently been reporting session disconnects from cloud hosted applications and SIP phones that suddenly lose audio.
I asked the sites to start reporting the exact times so I could correlate their issues to events in the logs. So far, each reported event seems to correlate to SDWan changes. Digging in deeper, neither of the circuits seem to be dropping, just falling outside the defined SLA values.
Each time it was reported, I checked the active sessions on the firewall for the impacted phones and saw the destination interface being used didn't match the interface SDWan was preferring at the time. This leads me to believe the SDWan decisions are impacting existing connections.
If I have the "Update Static Route" slider enabled, and a circuit doesn't meet the defined SLA requirement, will it break existing connections by removing the route, but keep the sessions active in state?
When would a person want to enable this slider and when would they want to keep is disabled?
Denny
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Option update-static-route will remove route from routing-table only if the health-check for that interface is dead. If it is out-of-sla, it will be still in the routing-table.
If you have SLA targets enabled for health-check, if the metric will be not within, then the interface might not be used in sdwan rule and other interface will be preferred.
How are your SIP phones connecting across your WAN? Do you have IPSec tunnel? Or is it going to Internet somewhere? If it's using internet you are likely doing NAT. When SD-WAN SLA causes a new interface to be used you will be establishing a new session with new SNAT and that will break SIP communications as it has to reconnect.
If you have IPSec tunnel overlay you can switch between WAN links seamlessly...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.