Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Infotech22
Contributor

Created on ‎12-14-2023 11:24 AM

Strange problem with failover WAN Connection

Hello forum,

We have a strange problem with failing failover WAN connection.
In SDWAN zone we use our two WAN connections, main and failover.
We have a strange problem that our failover WAN connection goes down always after few hours that we bring it back.
The only way to bring it back is to disabled and enable the port where failover WAN is, or to you failover WAN ip address as source in the ping options and ping something from the same subnet in which this failover WAN ip is.

I got in the call with ISP provider but they don't see any problem on their side.

I have a workarround on this with just creating a performance SLA to constantly ping something from that subnet but it's making me crazy, I need to find an real cause of the problem.


Does somebody have an idea?
Partner company said that it can be due to same HA mac address somewhere in ISP provider clients.
So if somebody have the same Fortigate HA cluster as us, and using the same subnet from ISP that we could get this problem.


Any recommendations could help.

Labels:
1786
0 Kudos
5 REPLIES 5
AEK
SuperUser
SuperUser

Created on ‎12-15-2023 12:41 AM

Hello

  • What is your FG model and FOS version?
  • Can you share SD-WAN config and Interface config of the affected port?
  • To which device (and model) is your affected port connected?
  • When you say WAN connection goes down, do you mean the port goes physically down (red)?
AEK
AEK
1754
0 Kudos
Infotech22
Contributor
In response to AEK

Created on ‎12-15-2023 01:04 AM

Hello @AEK ,

  • FG is 200F in HA cluster, Forti OS is 7.0.12
  • I will share picture of SD-WAN conifg
  • It's some router from ISP that is in the bridge mode
  • Interface doesn't goes down but in SLA it does and then test PC that I configure with SD-WAN rule to use this link get switches over to the working WAN link.
1745
0 Kudos
AEK
SuperUser
SuperUser
In response to Infotech22

Created on ‎12-15-2023 03:04 AM

Hello @Infotech22 

I don't know such behavior on FG. Can you check if your router goes to some kind of sleep mode?

AEK
AEK
1728
0 Kudos
Infotech22
Contributor

Created on ‎12-15-2023 01:04 AM Edited on ‎12-15-2023 03:04 AM

.

1744
0 Kudos
SassiVeeran
Staff
Staff

Created on ‎12-15-2023 09:02 AM

Hi, 

 

- if the failover WAN stop passing the traffic, check whether the port Tx & Rx counters of the port incrementing. 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-interface-error-counters/t...

- Try to check if any underlying factor such as MEM,CPU, top process, crashes..

- You may also do hardware test HQIP to verify if the port defective.

- Packet capture/sniffer on failover WAN port to see any traffic passes through.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Using-the-FortiOS-built-in-packet-sn...

- Open a ticket to TAC support to verify whether hit by any known issue 842159

https://docs.fortinet.com/document/fortigate/7.0.12/fortios-release-notes/236526/known-issues

1712
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.