I have the following constellation, which behaves quite strangely:
has 4 WANs. Ports wan1, wan2, ha1, ha2. Those are members of sd-wan in the following order:
wan1 cost 0
wan2 cost 0
ha1 cost 10
ha2 cost 10
the implicit sd-wan rule for loadbalancing is set to do spillover as lb algorithm.
thresholds are set like this:
wan1 egress 45000 kbit/s ingress 10000 kbit/s (is 50/12mbit vdsl)
wan2 is set like wan1
ha1 egress 10000 kbit/s ingress 1000 kbit/s (is 16/2.5mbit vdsl)
ha2 is set like ha1
There are no other sd-wan rules.
There is an sd-wan health check for all four WANs that reports all SLAs green.
All policies that allow traffic to the internet use sd-wan as destination and have dnat enabled.
I manually turned off the asic overloading option on these policies on the CLI, as recommended for spillover.
According to the Fortinet KB and Cookbook, this should balance like this:
primary traffic goes to wan1
if wan1 is over threshold it goes to wan2
if wan2 is over threshold it goes to ha1
if ha1 is over threshold it goes to ha2
Traffic view on dashboard of the 100E shows me that currently none of the four has traffic over threshold at all.
Thus clients get routed to the internet using ha1 or ha2 even though wan1 and wan2, with much more bandwidth, are available to the load balancer.
Does anyone have a hint for me as to why it behaves like that?
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams