Virtual WAN link, load balance, and failover/failback
The get VWAN status returns an empty output
-
Virtual VWAN only functions when FortiExtender operates in NAT mode. Check the network mode in
get extender statusto confirm that NAT mode is configured. -
Check configurations under
system virtual-wan interfaceto see if the type, members, and status are correctly configured -
Check configurations under
system vwan-memberto see if the target and health check event is correctly linked.
No link load balance is seen in the virtual WAN interface
-
While running traffic, use the command
get vwan statusto check the link data usage. Issue the command several times to see the increments of incoming and outgoing data. An active member is expected to be seen with an increasing amount of incoming and outgoing packets. -
Check the member's health status with the command
get hmon hchk <instance>to see if all members are alive. -
Check that related firewall and routing policies allow the virtual wan interface to pass and steer traffic.
Example firewall and routing policy configuration:
config firewall policy edit vwan_permit_out set srcintf any set dstintf vwan1 set srcaddr lan set dstaddr all set action accept set status enable set service ALL set nat disable next edit vw_mb1_nat set srcintf any set dstintf wan set srcaddr lan set dstaddr all set action accept set status enable set service ALL set nat enable next edit vw_mb2_nat set srcintf any set dstintf lte1 set srcaddr lan set dstaddr all set action accept set status enable set service ALL set nat enable next end config router policy edit to_vwan set input-device set srcaddr lan set dstaddr all set service ALL set target target.vwan1 set status enable set comment next end