Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ialhusari93
New Contributor II

fortigate 100E sd-wan problem

Dears ,


we have two ISP connections wan1 and wan2 which are configured to use SD-WAN on fortigate 100E , we have noticed that there is internet issues over some applications like anydesk connection timeout and slowness once the SD-WAN is on , how can we troubleshoot this further? everything becomes normal again once we turn off the SD-WAN .

 

Regards ,

 

2 Solutions
sjoshi
Staff
Staff

Hi ialhusari93,


Thank you for posting to the Fortinet Community Forum.

 

As per your description when you are using SDWAN you are facing issue while using some application and they are getting timeout.

 

Please let me know the SDWAN rule you are using.
When you are disabling the SDWAN then did you check by sending the traffic from both the interface and it was working good from both the interface or single interface.

Try enabling the sdwan and create a new rule and use manual method and sent the traffic via one ISP and check if the issue remains same.

 

Also do the following changes:-

 

config system interface
edit <wan1>
set preserve-session-route en
end

 

config system interface
edit <wan2>
set preserve-session-route en
end

 

Let us know if this helps.

 

Thanks

Salon Raj Joshi

View solution in original post

Muhammad_Haiqal

Hi ialhusari93,
Some application did not allow their traffic to be load balance due to integrity.

Session must be maintains on same ISP.
Example application: Teams meeting, VOIP


This command:

config system interface
edit <wan1>
set preserve-session-route en
end

 

Should fix the issue.

Else, please configure SDWAN rule for this application to go out to 1 ISP only.

 

 

haiqal

View solution in original post

10 REPLIES 10
sw2090
SuperUser
SuperUser

you could look at your session table. Probably you run into similar issues I ran into. I had some sites that use encrypted session cookies which kept throwing ppl out again and again because the sd-wan kept changing the wan interface even though the session still existed and broke the encryption with that. 

I finally had to except those with some sd-wan rule that forces them to use a speific interface only. 

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors