Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ialhusari93
New Contributor II

fortigate 100E sd-wan problem

Dears ,


we have two ISP connections wan1 and wan2 which are configured to use SD-WAN on fortigate 100E , we have noticed that there is internet issues over some applications like anydesk connection timeout and slowness once the SD-WAN is on , how can we troubleshoot this further? everything becomes normal again once we turn off the SD-WAN .

 

Regards ,

 

2 Solutions
sjoshi
Staff
Staff

Hi ialhusari93,


Thank you for posting to the Fortinet Community Forum.

 

As per your description when you are using SDWAN you are facing issue while using some application and they are getting timeout.

 

Please let me know the SDWAN rule you are using.
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface.

Try enabling the sdwan and create a new rule and use manual method and sent the traffic via one ISP and check if the issue remains same.

 

Also do the following changes:-

 

config system interface
edit <wan1>
set preserve-session-route en
end

 

config system interface
edit <wan2>
set preserve-session-route en
end

 

Let us know if this helps.

 

Thanks

Let us know if this helps.
Salon Raj Joshi

View solution in original post

Muhammad_Haiqal

Hi ialhusari93,
Some application did not allow their traffic to be load balance due to integrity.

Session must be maintains on same ISP.
Example application: Teams meeting, VOIP


This command:

config system interface
edit <wan1>
set preserve-session-route en
end

 

Should fix the issue.

Else, please configure SDWAN rule for this application to go out to 1 ISP only.

 

 

haiqal

View solution in original post

10 REPLIES 10
sjoshi
Staff
Staff

Hi ialhusari93,


Thank you for posting to the Fortinet Community Forum.

 

As per your description when you are using SDWAN you are facing issue while using some application and they are getting timeout.

 

Please let me know the SDWAN rule you are using.
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface.

Try enabling the sdwan and create a new rule and use manual method and sent the traffic via one ISP and check if the issue remains same.

 

Also do the following changes:-

 

config system interface
edit <wan1>
set preserve-session-route en
end

 

config system interface
edit <wan2>
set preserve-session-route en
end

 

Let us know if this helps.

 

Thanks

Let us know if this helps.
Salon Raj Joshi
ialhusari93
New Contributor II

 

Dear  ,

 

Please let me know the SDWAN rule you are using. I am using manual rule as you suggested and sending the traffic through one ISP and As long as the SD-wan is on the slowness is happening on some apps like anydesk ,So to avoid this I have to disable one of the WANs interfaces .

 

When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface . Without sd-wan the traffic works fine from both WANs

Can you explain more about the command set preserve-session-route en ?

 

Thank you

sjoshi

Hi,

 

Please find the link for your reference regarding preserve-session-route

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Enabling-the-preserve-session-route/ta-p/1...

 

Thanks

Let us know if this helps.
Salon Raj Joshi
Muhammad_Haiqal

Hi ialhusari93,
Some application did not allow their traffic to be load balance due to integrity.

Session must be maintains on same ISP.
Example application: Teams meeting, VOIP


This command:

config system interface
edit <wan1>
set preserve-session-route en
end

 

Should fix the issue.

Else, please configure SDWAN rule for this application to go out to 1 ISP only.

 

 

haiqal
ialhusari93

Dear Muhammad ,

configure SDWAN rule for this application to go out to 1 ISP only. I did for my user as shown below but that application still slow and have delay , if I put this command set preserve-session-route en  on my wan interface , how can I disable it just in case it did not work ?

 

 

zxc.JPG

Muhammad_Haiqal

Hi ialhusari93,

Do you mind to share the application that you configured for this source "Ibrahim"?

 

If you believe this is fortigate issue, can you test your PC directly to the WAN1?

There are some possibilities for this issue:
1. Static route is not send to the SDWAN. But to your WAN1 and WAN2 individually.

2. Policy IPv4 set to WAN1 and WAN2 individually. It should be to SDWAN interface.

3. Application dependencies is not included on the application list.

4. DNS issue. Change your PC DNS to 8.8.8.8 for troubleshooting.

5. ISP issue itself - try to connect direct.

6. etc

 

Let me know if you have any questions.

haiqal
ialhusari93

Dear Muhammad ,

both wan1 and wan2 are working fine separately without sd-wan , once the sd-wan is on my users can't using anydesk app and it starts to become slow and drop connection every 5 minutes , I have checked everything from Static route , Policy IPv4 , ISP everything is configured properly

 

 

Muhammad_Haiqal

hi ialhusari93,

Please share me your static route and policy ipv4 page so i can get some idea on that. :)

haiqal
ialhusari93

sr1.JPGsr2.jpg

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors