Helpful ReplyHot!SD-WAN Status check problem.

Author
Leeos
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:08:39
  • Status: offline
2019/11/06 03:34:24 (permalink)
0

SD-WAN Status check problem.

Hi,
 
FortiGate 200D - FortiOS v5.6.11 build1700 (GA). 5 wan connections.
 
Every 1-2 days some connections status changed to down.
But the connections are up! If I change the detect server its OK.
 
 
After 1-2 days down again! change the detect server all OK.
Example: Used 8.8.8.8 - OK, when down change to 8.8.4.4 - OK, when down back to 8.8.8.8, then 8.8.4.4 and so on...
I tried few others Ip addresses as detect server same result.  Any idea?
 
Thanks, Lior. 
#1
Fullmoon
Platinum Member
  • Total Posts : 859
  • Scores: 13
  • Reward points: 0
  • Joined: 2010/08/02 18:02:10
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/06 04:01:20 (permalink)
0
how about upgrading the FGT 200D version to 6.0.5 or 6.0.6 and monitor its behavior.

Fortigate Newbie
#2
Leeos
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:08:39
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/06 05:03:52 (permalink)
0
 
I like too, but its say, No Valid Upgrade path...
I do not want to loose configuration. 
#3
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/06 06:17:09 (permalink)
0
two things:
 
1. what you describe is a known bug in 5.6.11 of which we still have no devinitve answer from TAC wehter it will be fied in 5.6.11 or not. Thus it is fixed in 6.0.6 or 6.2 . There is a thread about it in the "Routing & transparent mode" Forum here.
Sdwan Status Check - due to that bug - does detect that the interface/connection is back up but fails to bring back the routes.
You could deactivate the automatic routing in Status Check but  this would somewhat remove redundancy from your sdwan.
If you run into that issue and still have some way to access cli of your FGT you could restart the routing services (exec router restart) to make the routing work correctly again - until the next WAN Outage...
 
2. Yes there is no valid upgrade path from 5.6.10/11 to 6.0.6. This is because accoarding to the upgrad path utility on the support portal this is one single step. You can directly upgrade 5.6.10 or 5.6.11 to 6.0.6. This is officially supported.
post edited by sw2090 - 2019/11/06 06:20:33
#4
Leeos
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/05/20 13:08:39
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/06 12:28:31 (permalink)
0
Thank you, for now I just check every morning and change if necessary the detect server from the GUI.
I do not see v 6.0.6 on Firmware Management. The latest is 6.0.5.
Is there a way to force Firmware search to make 6.0.6 available for upgrade?
 
 
#5
emnoc
Expert Member
  • Total Posts : 5366
  • Scores: 351
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/06 12:44:31 (permalink)
0
Same issues and upgrading fix the issues. You can monitor the SDWAN check via "diag sniffer packet <interfacename> " host x.x.x.x"
 
Ken Felix
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#6
sw2090
Gold Member
  • Total Posts : 468
  • Scores: 23
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/07 02:44:55 (permalink) ☄ Helpfulby Leeos 2019/11/07 03:17:19
0
The other thread btw is here: https://forum.fortinet.com/tm.aspx?m=178607&tree=true
 
I just received the info from TAC that their internal management has escalated that bugfix to be backported to 5.6.
There is not yet any confirmation if it will be. TAC will keep me informed.
 
What I can confirm (since I hard tested that today with a test FGT here) is that the bug is fixed in 6.0.6.
#7
BeheerSigra
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/11/08 02:34:55
  • Status: offline
Re: SD-WAN Status check problem. 2019/11/08 02:39:01 (permalink)
0
Same issue here.
Hope that this bug is solved in version 5.6.11
#8
Jump to:
© 2019 APG vNext Commercial Version 5.5