Dears ,
we have two ISP connections wan1 and wan2 which are configured to use SD-WAN on fortigate 100E , we have noticed that there is internet issues over some applications like anydesk connection timeout and slowness once the SD-WAN is on , how can we troubleshoot this further? everything becomes normal again once we turn off the SD-WAN .
Regards ,
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi ialhusari93,
Thank you for posting to the Fortinet Community Forum.
As per your description when you are using SDWAN you are facing issue while using some application and they are getting timeout.
Please let me know the SDWAN rule you are using.
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface.
Try enabling the sdwan and create a new rule and use manual method and sent the traffic via one ISP and check if the issue remains same.
Also do the following changes:-
config system interface
edit <wan1>
set preserve-session-route en
end
config system interface
edit <wan2>
set preserve-session-route en
end
Let us know if this helps.
Thanks
Hi ialhusari93,
Some application did not allow their traffic to be load balance due to integrity.
Session must be maintains on same ISP.
Example application: Teams meeting, VOIP
This command:
config system interface
edit <wan1>
set preserve-session-route en
end
Should fix the issue.
Else, please configure SDWAN rule for this application to go out to 1 ISP only.
Hi ialhusari93,
Thank you for posting to the Fortinet Community Forum.
As per your description when you are using SDWAN you are facing issue while using some application and they are getting timeout.
Please let me know the SDWAN rule you are using.
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface.
Try enabling the sdwan and create a new rule and use manual method and sent the traffic via one ISP and check if the issue remains same.
Also do the following changes:-
config system interface
edit <wan1>
set preserve-session-route en
end
config system interface
edit <wan2>
set preserve-session-route en
end
Let us know if this helps.
Thanks
Dear ,
Please let me know the SDWAN rule you are using. I am using manual rule as you suggested and sending the traffic through one ISP and As long as the SD-wan is on the slowness is happening on some apps like anydesk ,So to avoid this I have to disable one of the WANs interfaces .
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface . Without sd-wan the traffic works fine from both WANs
Can you explain more about the command set preserve-session-route en ?
Thank you
Hi,
Please find the link for your reference regarding preserve-session-route
Thanks
Hi ialhusari93,
Some application did not allow their traffic to be load balance due to integrity.
Session must be maintains on same ISP.
Example application: Teams meeting, VOIP
This command:
config system interface
edit <wan1>
set preserve-session-route en
end
Should fix the issue.
Else, please configure SDWAN rule for this application to go out to 1 ISP only.
Dear Muhammad ,
configure SDWAN rule for this application to go out to 1 ISP only. I did for my user as shown below but that application still slow and have delay , if I put this command set preserve-session-route en on my wan interface , how can I disable it just in case it did not work ?
Hi ialhusari93,
Do you mind to share the application that you configured for this source "Ibrahim"?
If you believe this is fortigate issue, can you test your PC directly to the WAN1?
There are some possibilities for this issue:
1. Static route is not send to the SDWAN. But to your WAN1 and WAN2 individually.
2. Policy IPv4 set to WAN1 and WAN2 individually. It should be to SDWAN interface.
3. Application dependencies is not included on the application list.
4. DNS issue. Change your PC DNS to 8.8.8.8 for troubleshooting.
5. ISP issue itself - try to connect direct.
6. etc
Let me know if you have any questions.
Dear Muhammad ,
both wan1 and wan2 are working fine separately without sd-wan , once the sd-wan is on my users can't using anydesk app and it starts to become slow and drop connection every 5 minutes , I have checked everything from Static route , Policy IPv4 , ISP everything is configured properly
hi ialhusari93,
Please share me your static route and policy ipv4 page so i can get some idea on that. :)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.