Dear all, Thanks for your attention on this post. The figure below is
the topology we are talking about.we have 4 sites (A/B/C/D as shown)
across the globe. There are Internet underlay and MPLS underlay between
each two sites. We implemented the SD-W...
hi all,thanks for your any help in advance?think of the
scenario:initially we have a sd-wan rule for traffic destined to
10.74.0.0/15 with an MPLS underlay interface as the SD-WAN member
interface, and sure we have a static route 10.74.0.0/15 and the...
hi team,really a big headache here.We are delivering desktops to users
using Microsoft SCCM + Autopilot. during the autopilot task sequences,
it's very likely to give the error "Oops, you've lost internet
connection" though I can call the CMD to ping...
Thanks for the help!When firewall receives traffic, it will match the
firewall policy by
Source_interfaces/Protocol/Source_Address/Destination_Address. I'd like
to know why destination interface or outgoing interface is NOT used in
policy matching? a...
Hi All, I've been trying to figure out what Online and Offline exactly
means in FortiClient EMS. As I can see, if I keep EMS connected at the
FortiClient end, it will be shown Online, no matter what the VPN
connection status is. If I manually disconn...
thanks a lot!actually asymetric routing will not drop the traffic
packet, right? it just might receive traffic from an interface failing
its SLA, and sends out traffic via the other overlay interface meets the
SLA, which looks like a circle, I think?
thanks Jolly for your reply.My question is, I have multiple sd-wan
member interface across sites, what if just one site has its one of
sd-wan member interfaces failing its SLA but every other site and their
SD-WAN member interface are all working as ...
tanks,. I am talking about the priority assigned to the static route.
two member interface in an SDWAN rule, should the static routes to
thoses two interface have different priority?
exactly. but the traffic from switch hit the same policy as the traffic
directly from the physical port on FW, and there is no drop as I checked
traffic logs from ForitiAnalyzer
thanks for your help.then another question is , how firewall match
traffic and policies speaking of outgoing interfaces?for incoming
interfaces, firewall receive traffic from it, and source/destination
address is also something firewall can identify....