Fortinet

FortiGate - Tunnel_Health_Check_In_SDWAN

Situation

# IPsec介面會被SDWAN判定成dead
The IPsec interface is 'dead' when typing "diag sys sdwan service".

# 錯誤訊息
Service disabled caused by no outgoing path > dead.

Solution

[1]
Add a IP on the tunnel interface and remote tunnel interface.

[2]
Use these IPs as SLA method.

Check

# 確認member
diag sys sdwan member

# 確認某個流量有沒有走到我想要的interface
diag sys sdwan service4

# 輸出每個健康檢查目標的狀態
diag sys sdwan health-check