- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Strange Problem with SD WAN - Any Ideas?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Strange Problem with SD WAN - Any Ideas?
Hey,
we have a FG60F with 7.4.4 and 3 Interner Access (all of them >500/500MB). They called me yesterday and at 1700 they had no internet. I was OoO so I asked them to ping the firewall (OK) and check lights (check of FG and Switches) and everything inside seemed normal....but that all 3 accesses fail at the same time, that never ever happened.
They rebooted FG and all routers and nothing. At the end after 1 hour I told them to reboot FG, wait 2 mins and only connect WAN1 and sudenly it worked. I am not sure that this process solved the problem but 5mins later I connected via Forticloud and in SD WAN all of them were OK.
Today checking th logs at 1700 I only find "Member status changed" and "Member status changed. Member out-of-sla." At 18:27 I find "SDWAN SLA information warning" and Message "Service disabled caused by no outgoing path."
I am not worried that this can happen soon, but maybe one of you had the same experience once?
Thanks
Labels:
- Labels:
-
SD-WAN
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @RolandBaumgaertner72 ,
Based on the log events:
"Member status changed. Member out-of-sla." At 18:27 I find "SDWAN SLA information warning" and Message "Service disabled caused by no outgoing path."
This looks like the "expected" path to internet is down due to failed SLA and went to another path. Maybe your IPSEC VPN, MPLS, etc.
Please check your SDWAN SLA threshold and configure higher value. Example: Ping interval 6000second, latency 100ms, packet loss 10%.
You may also disable "Update static route" options. However the failover will not happen if this option is disabled.
haiqal
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
but having 3 Internet Access in SD WAN with the same load balancing it should not happen, no? I dont think that all of them failed.
Thanks!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
it can still happen even then - if all three memers fail to meet the sla target at the same time they all would be disabled and then there would be no path left over...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As I mentioned, that is really strange case. One of the Internet Acces is also used for Voip and they guaranteed that phones we working all the times....so it least one should pass the SLA.
Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
again we got the problem and all routes for SD WAN were down. This never happened before. Also right after I put up all of my SLA Performance Check data but again it happend.
Now I am applying no SLA and I just have the Implicit SD-WAN rule where I spilt 33% to all acceses.
Again, at least one year with 7.4.3 no problem at all and suddenly after upgrading to 7.4.4 at least 3-4 times the problem that all routes went down.
Its a formation center and they have lots of critical online tests right now, so we cannot change anything but any idea for a good workaround?
Thanks
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- 80F Issues with Active FTP 225 Views
- FortiClient always loses the connection a... 337 Views
- Connect Fortigate to a remote FortiAnalyzer 237 Views
- Issue resolving www.epicagames.com 367 Views
Labels
-
FortiGate
7,139 -
FortiClient
1,408 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
454 -
6.0
416 -
FortiAP
373 -
FortiSwitch
369 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
126 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
94 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiExtender
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
VDOM
17 -
Routing
16 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
FortiRecorder
10 -
Application control
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
4.0
7 -
Admin
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
IPS signature
5 -
Packet capture
5 -
Automation
5 -
DNS Filter
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiCache
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Web rating
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Fortinet Engage Partner Program
3 -
Traffic shaping profile
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1059 | |
| 883 | |
| 525 | |
| 441 | |
| 147 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.