Hi all,
for a customer I'm configuring the sdwan,
In order to be sure that everything works fine, I have done failover test, in particular I have simulated a fault between two lines.
When it appears the device recognize the fault and it send traffic to another one but, when I enable the interface or reconnect the cable, the device takes 20-25 seconds to send traffic on both lines, in the meanwhile I receive a lot of packet loss.
I would like to know if there is a configuration-parameter that allow the device to "realize" in the fast way that the connection was recover.
How many time takes the device to "know" that the connection was established ?
Many thanks in adv.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Under the performance SLA there there is the "set recovery time" paramter which, by default has a value of 5 meaning: the SLA state switches back to alive after 5 consecutive responses from the SLA server.
This option is configurable both from the GUI and CLI:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/478384/performance-sla-link-monitoring
Hello aionescu,
in case of WAN1 interface failover to WAN2, it is possible to stick connectivity on the WAN2 without switching back to WAN1 when it is come back?
Hi Aionescu,
many thanks for your mail.
You need to know that this configuration I have already done on my devices with the same parameters. The FG version is 7.0.6
The problem is that when I reconnect the cable I have to wait at least 20 sec that the connection come back "up&running" .
For your opinion to allow the device to stay more active could I try to modify the value about "Failures before inactive" and "Restore link after" to put 3-4 instead of 5 ?
Could be a good solution?
Hello,
It depends, what kind of link it is, is it pppoe or dhcp? You can check via cli what is the status of the health-check.
Hi Adrian,
many thanks for your mail.
At the moment everything works fine.
Below the status of health check of the two lines.
As you can see I have the value of jitter and latency more high than the other line but, it is not represent a problem because the applications works fine.
Seq: state(alive), packet-loss(0.000%) latency(1.574), jitter(0.749), bandwidth-up(999999), bandwidth-dw(1000000), bandwidth-bi(1999999) sla_map=0x1
Seq: state(alive), packet-loss(0.000%) latency(63.428), jitter(11.240), bandwidth-up(999998), bandwidth-dw(1000000), bandwidth-bi(1999998) sla_map=0x0
I have problem only when I try to do failover between the line.
Paolo
Hi @espositop2004 , it makes no sense to have packet loss. Even if it takes longer than expected for the second link to recover (there is no info about routing protocols used) traffic should be sent over the active link.
Were you able to collect some traffic logs while the issue is ongoing?
Hi Aionescu,
at the moment I'm not able to do it because all devices are in production so that, I can do it next week when I'll migrate new branch office.
many thanks in advanced for your coop.
Regard,
Paolo
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.