FTP service problem on SD-WAN rules

Author: mjozo8
2019/05/10 00:10:11

Hi,
I have set up SD-WAN on my Fortigate 80E (6.2.0 version).
I have two WANs with gateways and the same cost, and on the implicit rule I set up Spillover.
My WAN1 has 30/30Mbps, WAN2 50/4Mbps.
I want to put all my FTP traffic over WAN1, and when I create an SD-WAN rule (source all, destination application (all with FTP), manual outgoing interface WAN1) it won't work through WAN1.
But when I put (source all, destination all on port range 21, manual outgoing interface WAN1) it works fine.
Is there some problem with the Fortigate built-in service?
#1


    Stephenzhang_FTNT
    Re: FTP service problem on SD-WAN rules 2019/05/14 14:05:36
    Hi Mjozo8,
     
    Thank you for the message.
    1. When you are using an application in SD-WAN service rules, you need to enable application-control in the firewall policy as follows:
    config firewall policy
    edit 1
         set utm-status enable
         set application-list "g-default"
    end
     
    2. Then the SD-WAN service rule will check the traffic and look for the application. For the 1st occurrence of the traffic, it may use the implicit rule to forward. The 2nd time the same traffic comes, it will use the configured service rule. You can use the following command to check which IPs the SD-WAN has learnt for application-control:
    diagnose sys virtual-wan-link internet-service-app-ctrl-list
     
    Hope this answer can help you fix the problem,
    Stephen
     
    #2
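
The behaviour described in the reply above, as an added example that is not part of the original thread and is not FortiOS code: a simplified Python model of why an application-based rule misses the first connection, never matches without application control on the policy, and why a port 21 rule matches immediately. The class and field names, the cache key and the fixed "wan2" implicit choice are assumptions of this model.

```python
from dataclasses import dataclass, field

@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    app: str  # application that inspection would identify once payload is seen

@dataclass
class SdwanModel:
    app_rules: dict = field(default_factory=dict)   # application -> interface
    port_rules: dict = field(default_factory=dict)  # destination port -> interface
    implicit_interface: str = "wan2"   # stand-in for the spillover decision
    app_control_enabled: bool = False  # utm-status + application-list on the policy
    learned: dict = field(default_factory=dict)     # (dst_ip, dst_port) -> application

    def route(self, flow: Flow) -> str:
        key = (flow.dst_ip, flow.dst_port)
        if flow.dst_port in self.port_rules:
            # A port rule can be evaluated on the very first packet.
            out = self.port_rules[flow.dst_port]
        else:
            # An application rule only matches destinations learned earlier;
            # the first packet carries no payload to identify the application.
            known_app = self.learned.get(key)
            out = self.app_rules.get(known_app, self.implicit_interface)
        # Application control identifies the session after the routing decision
        # and records the destination for later flows.
        if self.app_control_enabled:
            self.learned[key] = flow.app
        return out

def demo() -> dict:
    ftp = Flow("198.51.100.10", 21, "FTP")  # constructed sample flow
    no_inspection = SdwanModel(app_rules={"FTP": "wan1"})
    with_inspection = SdwanModel(app_rules={"FTP": "wan1"}, app_control_enabled=True)
    port_based = SdwanModel(port_rules={21: "wan1"})
    return {
        "app rule, no application control": [no_inspection.route(ftp) for _ in range(3)],
        "app rule, application control on": [with_inspection.route(ftp) for _ in range(3)],
        "port 21 rule": [port_based.route(ftp) for _ in range(3)],
    }

if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name}: {path}")
```
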