Speed tests run from the hub to the spokes in dial-up IPsec tunnels

In a hub and spoke SD-WAN topology that uses dial-up VPN overlays, QoS can be applied on individual tunnels based on the measured bandwidth between the hub and spokes. The FortiGate can use the built in speed test to dynamically populate the egress bandwidth to individual dial-up tunnels from the hub.

SD-WAN members on a spoke can switch routes when the speed test is running from the hub to the spoke. The speed test results can be cached for reuse when a tunnel comes back after going down.

CLI commands

Allow upload speed tests to be run from the hub to spokes on demand for dial-up IPsec tunnel:
config system speed-test-schedule
    edit <interface>
        set dynamic-server {enable | disable} 
    next
end

<interface>

The dial-up IPsec tunnel interface on the hub.

dynamic-server {enable | disable}

Enable/disable the dynamic speed test server (default = disable).

Note

To limit the maximum and minimum bandwidth used in the speed test, enable set update-inbandwidth and set update-outbandwidth. See Scheduled interface speedtest for more information.