We have a fortigate 60D, running 6.0.9, with two WAN lines from two different ISP's.

WAN1 interface - ISP#1

WAN2 interface - ISP#2

which are members of sd-wan for redundancy & load balancing.

we have some peculiar issues with the connectivity via WAN1 interface..

WAN2 line was delivered ahead in time by ISP#2, and everything was working ok. No issues from workstations surfing various sites/services via WAN2, and the Fortigate was updating normally every day & sending the logs to the Forticloud account.

As soon as WAN1 was connected into the Fortigate60D, updates ALLWAYS fail..

They worked only for a small period of time when WAN1 was out of service due to maintenance. This is also the only time period when logs were sent to our forticloud account.

WAN1 works smoothly for our site-to-site VPN with our headquarters, and remote workers can connect via WAN1 with forticlient.

BUT

- some ERP services don't get through if the traffic is gone via WAN1 (we have to select specifically WAN2 in sdwan rules in order to be able to work to our ERP) and our printers/scanners cannot scan to mail to our office365 mail accounts, unless we also specifically select WAN2 in sd wan rules for the printers/scanners.

Is it a 6.0.9 bug ? Is there an incompatiblity between Fortigate and some ISP ?

Can we force Fortigate to update itself via WAN2 so that we have at least an updated machine that sends logs thorougly ?