Swdan not working anymore

rezafathi · ‎12-19-2023

Hi

We havr swdan with 2 wan links. Everything was ok until our isp changed our default gateway and we had to change it on our sdwan interface too,but after that internet is not working nad also we have to disable wan1 port in sdwan in order to have internet on wan2. What is the problem?

Reza F.

adambomb1219 · ‎12-19-2023

Depends on many, many factors. Do you have an ARP entry for the ISP gateway? What does your ISP say? Does your ISP have an ARP entry for the FortiGate?

rezafathi · ‎12-19-2023

I can ping gateway but isp can not ping my wan interface.

Reza F.

adambomb1219 · ‎12-19-2023

Do you have Ping enabled on the WAN interface?

rezafathi · ‎12-19-2023

Yes. But can not ping it from outside. This is a weird situation because both links were working before changing wan1 default gateway in sdwan. Please help me bacause our company's main wan link is down and caused us lots of problem.

Reza F.

adambomb1219 · ‎12-20-2023

It sounds like you have a misconfigured route for WAN1 to me

hbac · ‎12-19-2023

Hi @rezafathi,

If wan1 doesn't work, it should failover to wan2 automatically. Please make sure you have performance SLA configured so that next time, it will failover without disabling wan1.

For the new default gateway, make sure there is an arp entry and try to ping it.

# get system arp

# exec ping x.x.x.x

Regards,

rezafathi · ‎12-19-2023

Yes there is an arp entry gor new gateway and i can ping that.

Reza F.

hbac · ‎12-19-2023

Hi @rezafathi,

You are able to reach the default gateway. Let's try to ping 8.8.8.8.

# exec ping-option reset

# exec ping-options interface wan1

# exec ping 8.8.8.8

# exec ping 1.1.1.1

If it doesn't work, most likely ISP issue. Reboot ISP router will be the first thing I'd try.

Regard,

rezafathi · ‎12-19-2023

8.8.8.8 not work. I connectd a laptop directly to the lan port of poe adapter of antenna and it worked but it did not work with firewall.

Reza F.