FortiGate
ereddy
Staff
Article Id 197755
Description
This article describes a case where the link monitor in an SD-WAN setup goes down intermittently.

Solution
In this scenario, Port 8 and Port 9 are SD-WAN members with ECMP load balancing.
Port 8 is connected to ISP1 and Port 9 is connected to ISP2.

To allow link failover, a link monitor is in place on both Port 8 and Port 9, probing the destination IP 8.8.8.8.
Suddenly, the link monitor on port 8 fails while port 9 keeps working, and all traffic is diverted to port 9.

On further verification, no reply packet from 8.8.8.8 is seen on port 8; only the outgoing echo requests appear in the sniffer output:
2020-10-30 07:09:34.359439 port8  out 121.23.56.4  -> 8.8.8.8 : icmp: echo request
2020-10-30 07:09:34.359439 port8  out 121.23.56.4  -> 8.8.8.8 : icmp: echo request
The reply from 8.8.8.8 on port 9 is visible.
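To make this check repeatable, the following is an added example (not part of the article or Fortinet's own tooling) in Python that parses sniffer lines in the format shown above and flags any SD-WAN member interface that sends echo requests to the probe server but never sees an echo reply. The sample sniffer lines, the port9 source address and the request threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the article's sniffer lines: port8 sends echo
# requests to 8.8.8.8 and never sees a reply; port9 gets a reply for each request.
SAMPLE_SNIFFER = """\
2020-10-30 07:09:34.359439 port8  out 121.23.56.4  -> 8.8.8.8 : icmp: echo request
2020-10-30 07:09:34.359439 port9  out 203.0.113.7  -> 8.8.8.8 : icmp: echo request
2020-10-30 07:09:34.371120 port9  in 8.8.8.8 -> 203.0.113.7: icmp: echo reply
2020-10-30 07:09:35.359501 port8  out 121.23.56.4  -> 8.8.8.8 : icmp: echo request
2020-10-30 07:09:35.359501 port9  out 203.0.113.7  -> 8.8.8.8 : icmp: echo request
2020-10-30 07:09:35.370988 port9  in 8.8.8.8 -> 203.0.113.7: icmp: echo reply
"""

# Tolerant of the variable spacing around "->" and ":" seen in sniffer output.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>[\d.]+)\s*->\s*(?P<dst>[\d.]+)\s*:\s*icmp:\s*echo (?P<kind>request|reply)"
)


def summarize_probes(text, server):
    """Count link-monitor echo requests sent to `server` and echo replies received
    from it, per interface. Lines that are not ICMP echo traffic are ignored."""
    stats = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        if m["kind"] == "request" and m["dst"] == server:
            stats[m["iface"]]["requests"] += 1
        elif m["kind"] == "reply" and m["src"] == server:
            stats[m["iface"]]["replies"] += 1
    return dict(stats)


def silent_links(stats, min_requests=2):
    """Interfaces that sent at least `min_requests` probes and received no reply
    at all: the one-sided pattern the article attributes to upstream filtering."""
    return sorted(iface for iface, s in stats.items()
                  if s["requests"] >= min_requests and s["replies"] == 0)


if __name__ == "__main__":
    probe_stats = summarize_probes(SAMPLE_SNIFFER, "8.8.8.8")
    print(probe_stats)
    print("links with probes but no replies:", silent_links(probe_stats))
```

Feed it the output of the FortiGate packet sniffer filtered on the probe server, and any interface it lists is the one to raise with the upstream ISP.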

Once the source IP used on port 8 is changed, the reply becomes visible again.
However, after some time the link goes down again.

This behavior is caused by a FortiDDoS configuration on the upstream device of ISP1, which is connected to port 8.
Because the link monitor sends ICMP packets continuously, there is a chance that ISP1 has blocked communication between the source and destination IP.

Hence it is recommended to make sure there is no FortiDDoS configuration at the ISP level when the link monitor probes a public IP.
