SDWAN IPsec Priority

Reinaldo1_ADD · ‎03-15-2024

Olá a todos, temos uma IPsec SD WAN com 3 links de provedores diferentes, constantemente temos algumas oscilações com alguns que o link não cai, minha dúvida é, como faço para priorizar os túneis VPN IPSec no IPsec SDWAN?

hbac · ‎03-16-2024

Hi @Reinaldo1_ADD,

You can set priority value for each SDWAN members. Please refer to https://community.fortinet.com/t5/FortiGate/Technical-Tip-Assigning-Priority-to-SD-WAN-Members-for-D...

Regards,

Reinaldo1_ADD · ‎03-18-2024

I did the configuration, but it didn't work, I believe that due to SLA performance it is down, but in IPSEC VPN they are all UP.

hbac · ‎03-19-2024

@Reinaldo1_ADD,

You need to specify source IP for performance SLA to go through the tunnel.

config system sdwan

config health-check

edit <>

set source x.x.x.x

end

Regards,

Reinaldo1_ADD · ‎03-20-2024

config system sdwan

config health-check

edit "Name of SLA"

set source "IP Interface LAN"

end

I did the configuration, but it didn't work, it continues as down.

Reinaldo1_ADD · ‎03-20-2024

The settings are like this:

config health-check
edit "SLA SDWan VPN Azure"
set server "192.168.250.4"
set source 192.168.1.1
set members 7 6 5
next
end

Members:

edit 5
set interface "VPN_AZURE_T2"
set zone "SDWAN-IPSec"
set source 192.168.1.1
set cost 5
set priority 2
next

edit 6
set interface "VPN_AZURE_T1"
set zone "SDWAN-IPSec"
set source 192.168.1.1
set cost 10
set priority 3
next

edit 7
set interface "VPN_AZURE_T3"
set zone "SDWAN-IPSec"
set source 192.168.1.1
next
end