Question for the SDWAN SLA configuration

BensonLEI · 05-23-2023

Hi, guys, It has been frustrated about this configuration; the sslvpn idle-timer is still not working. I configured all related parameters/attributes as the following weblink:Technical Tip: SSL-VPN Idle-timeout not working My network configuration as...

BensonLEI · 10-25-2022

Hi, guys, I am using Fortigate 400E with FortiOS v7.0.3; A SDWAN configuration of 3 internet lines; lines information are the following:1. line1 = 100.100.100.0/24 ; ( a VIP mapping - 100.100.100.10-NATed-10.16.6.35 )2. line2 = 111.111.111.0/24 ; ( a...

BensonLEI · 10-11-2022

Hi, guys, I am currently using Fortigate 400E with FortiOS v7.0.3, with the SDWAN configuration of 3 internet lines.I tried to test the destination IP with traceroute/pingtest as the following test cases: SDWAN configuration:1. service rule = Maximiz...

BensonLEI · 10-06-2022

Hi, guys, I am using Fortigate 400E with FortiOS v7.0.3, and the SDWAN SLA performance configuration for the 3-link SDWAN ( SDWAN health-check ) is below: SLA configuration and verification:-----------------------------------------------------------1...

BensonLEI · 08-30-2022

Hi, guys, I am using Ftg400E HA with FortiOS v7.0.3.Three internet lines are configured in the Ftg400E and formed into "SDWAN for internet access"; the SDWAN rule is using "maximize bandwidth mode", so three lines are sharing the internet traffic loa...

BensonLEI · 05-24-2023

Hi, Toshi,Thanks so much for your prompt response and detailed explanation.So the Fortigate sslvpn idle-timer starts to count down/trigger at the condition of absolutely no tunnel traffic. May I know if anything keeps monitoring the sslvpn tunnel ali...

BensonLEI · 05-24-2023

Hi, Toshi, You are correct, the following udp traffic is captured from the tunnel IP:02DC_Ftg100E_primary # diag sniffer packet ssl.root 'host 10.212.134.202'4 0 ainterfaces=[any]filters=[host 10.212.134.202]2023-05-25 04:26:23.318327 ssl.root in 10....

BensonLEI · 05-24-2023

Hi, Toshi, Thanks so much for your reply, attached is the my test result, that may show you a bit clear:1. tunnel IP2. no tunnel traffic received ( that should be clear enough to verify the sslvpn idle-timer ) Other SSLVPN settings:------------------...

BensonLEI · 05-24-2023

Hi,Haiqal,Noted with thanks; for my test, I just set up the sslvpn connection ( with no other network traffic test - ping, traceroute, http.. ), and then waited until sslvpn idle-timer expired.

BensonLEI · 05-24-2023

Hi, guys, I captured some packets as below ( the Fortigate is HA structure ).1. no udp traffic between the sslvpn client and Fortigate.2. no any. udp/tcp traffic for tunnel ip = 10.212.200.101 (sslvpn client, only this ip was assigned)3. only sslvpn ...

User Statistics

User Activity

SSLVPN idle-timer not working

"session clashed" issue in SDWAN configuration

Local out traffic selects the wrong SDWAN gateway for outgoing traffic ?