Fortinet black logo

New Features

Passive WAN health measurement

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:208103
Download PDF

Passive WAN health measurement

SD-WAN passive WAN health measurement determines the health check measurements using session information that is captured on firewall policies that have passive-wan-health-measurement enabled.

Using passive WAN health measurement reduces the amount of configuration required and decreases the traffic that is produced by health check monitor probes doing active measurements. Active WAN health measurement using a detection server might not reflect the real-life traffic.

By default, active WAN health measurement is enabled.

To configure passive WAN health check:
config system sdwan
    config health-check
        edit "1"
            set server <ip_address>
            set detect-mode {passive | prefer-passive}
            set members <members>
        next
    end
end

passive

Health is measured using traffic, without probes. No link health monitor needs to be configured.

prefer-passive

Health is measured using traffic when there is traffic, and using probes when there is no traffic. A link health monitor must be configured, see Link health monitor for details.

To enable passive WAN health measurement in a policy:
config firewall policy
    edit 1
        set passive-wan-health-measurement enable
    next
end
Note

When passive-wan-health-measurement is enabled, auto-asic-offload will be disabled.

Passive WAN health measurement

SD-WAN passive WAN health measurement determines the health check measurements using session information that is captured on firewall policies that have passive-wan-health-measurement enabled.

Using passive WAN health measurement reduces the amount of configuration required and decreases the traffic that is produced by health check monitor probes doing active measurements. Active WAN health measurement using a detection server might not reflect the real-life traffic.

By default, active WAN health measurement is enabled.

To configure passive WAN health check:
config system sdwan
    config health-check
        edit "1"
            set server <ip_address>
            set detect-mode {passive | prefer-passive}
            set members <members>
        next
    end
end

passive

Health is measured using traffic, without probes. No link health monitor needs to be configured.

prefer-passive

Health is measured using traffic when there is traffic, and using probes when there is no traffic. A link health monitor must be configured, see Link health monitor for details.

To enable passive WAN health measurement in a policy:
config firewall policy
    edit 1
        set passive-wan-health-measurement enable
    next
end
Note

When passive-wan-health-measurement is enabled, auto-asic-offload will be disabled.