Performance SLA link health monitoring measures the health of links that are connected to SD-WAN member interfaces by sending probing signals through each link to a server and measuring the link quality based on latency, jitter, and packet loss. If a link fails all of the health checks, the routes on that link are removed from the SD-WAN link load balancing group, and traffic is routed through other links. When the link is working again the routes are reestablished. This prevents traffic being sent to a broken link and lost.
When an SD-WAN member has multiple health checks configured, all of the checks must fail for the routes on that link to be removed from the SD-WAN link load balancing group.
In this example:
- Interfaces wan1 and wan2 connect to the internet through separate ISPs
- The detection server IP address is 220.127.116.11
A performance SLA is created so that, if one link fails, its routes are removed and traffic is detoured to the other link.
- On the FortiGate, enable SD-WAN and add wan1 and wan2 as SD-WAN members, then add a policy and static route. See Configuring the SD-WAN interface for details.
- Go to Network > Performance SLA.
- Click Create New. The Performance SLA page opens.
- Enter a name for the SLA and select a protocol.
- In the Server field, enter the detection server IP address (18.104.22.168 in this example).
- In the Participants field, select both wan1 and wan2.
- Configured the remaining settings as needed, then click OK.
config system virtual-wan-link config health-check edit "server" set server "22.214.171.124" set update-static-route enable set members 1 2 next end end
FGT # diagnose sys virtual-wan-link health-check Health Check(server): Seq(1): state(alive), packet-loss(0.000%) latency(15.247), jitter(5.231) sla_map=0x0 Seq(2): state(alive), packet-loss(0.000%) latency(13.621), jitter(6.905) sla_map=0x0