Load Balancing Per-Rule
This feature introduces SD-WAN load balancing for all explicit rules. When a rule is hit, traffic is hashed based on the defined load balancing algorithm among the selected SD-WAN members that satisfy the defined SLA.
Previously, SD-WAN load balancing was only available on the last implicit rule. This covered all the SD-WAN interface members, but when an explicit SD-WAN rule was created, it prevented load balancing from occurring for that protocol, and traffic was only routed over a single interface.
ADVPN is not supported in this mode.
To add load balancing to a rule with the GUI:
- Go to Network > SD-WAN Rules.
- Edit a rule, or create a new one.
- Under Outgoing Interfaces, select a Strategy, Interface preference, and Required SLA target or Measured SLA.
- Click OK to apply your changes.
To add load balancing to a rule with the CLI:
config system virtual-wan-link config service edit 1 set name "balance" set mode load-balance set dst "10.100.20.0" config sla edit "ping" set id 2 next end set priority-members 1 2 3 next end end
To diagnose the load balancing status:
FGT_A (root) # diagnose sys virtual-wan-link health-check Health Check(ping): Seq(2): state(alive), packet-loss(40.000%) latency(0.049), jitter(0.017) sla_map=0x3 Seq(1): state(alive), packet-loss(0.000%) latency(0.020), jitter(0.005) sla_map=0x3 FGT_A (root) # diagnose sys virtual-wan-link service Service(22): Address Mode(IPV4) flags=0x0 TOS(0x0/0x0), Protocol(0: 1->65535), Mode(load-balance) Members: 1: Seq_num(1), alive, sla(0x1), num of pass(1), selected 2: Seq_num(2), alive, sla(0x1), num of pass(1), selected Dst fqdn: gmail.com(119)