Administration Guide

Fields for configuring WAN intelligence

This topic describes the fields in an SD-WAN rule used for configuring WAN intelligence, which processes and routes traffic that matches the SD-WAN rule.

In the GUI, go to Network > SD-WAN > SD-WAN Rules. Click Create New, or double-click an existing rule to open it for editing. The Outgoing Interfaces section is used to configure WAN intelligence for the rule.

WAN intelligence comprises the following parts:

Interface or zone preference

By default, the configured order of interfaces and/or zones in a rule is used. Interfaces and zones that are selected first have precedence over those selected second, and so on.

You can specify both interfaces and zones. When a zone is specified in the Zone preference field, it is equivalent to selecting each of the contained interface members in the Interface preference section. Interface members in a zone have lower priority than interfaces configured in the Interface preference section.

For example:

  • There are 3 interfaces: port1, port2 and port3.
    • Port2 is in Zone1
    • Port1 and port3 belong to the default virtual-wan-link zone.
  • An SD-WAN rule is created with Interface preference set to port3 and port1, and Zone preference set to Zone1.

The SD-WAN rule prefers the interfaces in the following order:

  1. port3
  2. port1
  3. port2

You can configure the interface and zone preference in the CLI:

config system sdwan
    config service
        edit <ID>
            set priority-members <integer>
            set priority-zone <interface>
        next        
    end
end

Strategy

Strategy dictates how the interface and/or zone order changes as link conditions change. You can use the following strategies:

  • Automatic (auto): interfaces are assigned a priority based on quality. See Automatic strategy.
  • Manual (manual): interfaces are manually assigned a priority. See Manual strategy.
  • Best Quality (priority): interfaces are assigned a priority based on the link-cost-factor of the interface. See Best quality strategy.
  • Lowest cost (SLA) (sla): interfaces are assigned a priority based on selected SLA settings. See Lowest cost (SLA) strategy.
  • Maximize Bandwidth (SLA) (load-balance): traffic is distributed among all available links based on the selected load balancing algorithm. See Maximize bandwidth (SLA) strategy.

Performance SLA

The best quality, lowest cost, and maximize bandwidth strategies are the most intelligent modes, and they leverage SLA health checks to provide meaningful metrics for a given link. FortiGate uses the metrics to make intelligent decisions to route traffic.

Automatic and manual strategies have pre-configured logic that does not leverage SLA health checks.

The goal of the performance SLA is to measure the quality of each SD-WAN member link. The following methods can be used to measure the quality of a link:

  • Active measurement
    • Health-check traffic is sent to a server using one of a variety of protocol options.
    • The following SLA metrics are measured on this probe traffic:
      • Latency
      • Jitter
      • Packet loss
  • Passive measurement
    • SLA metrics are measured on real or live traffic, reducing the amount of probe traffic that is sent and received.
    • There is the option (prefer passive) to initiate probe traffic when no live traffic is present.

Performance SLA is used by the auto, Lowest Cost (SLA), Maximize Bandwidth (SLA), and Best Quality strategies. Lowest Cost (SLA) and Maximize Bandwidth (SLA) use SLA targets in a pass or fail style to evaluate whether a link is considered for traffic. Best Quality compares a specific metric of the SLA to pick the best result.

Therefore, it is essential to select or create SLA targets that relate to the traffic targeted by the rule. It does not make sense to evaluate a public resource, such as YouTube, when the rule matches Azure traffic.
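
The following Python sketch is an added example, not Fortinet code and not FortiOS's implementation. It models the preference ordering from the port3/port1/Zone1 example and the pass or fail and single-metric comparisons described above. The health-check names, metric values, SLA target, and the "less than or equal" pass rule are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sla:
    latency_ms: float
    jitter_ms: float
    loss_pct: float

def effective_order(interface_pref, zone_pref, zone_members):
    """Interface preference first, then the members of each preferred zone."""
    order = list(interface_pref)
    for zone in zone_pref:
        for member in zone_members[zone]:
            if member not in order:
                order.append(member)
    return order

def passing_links(order, measured, target):
    """Pass/fail style: keep links whose every metric is within the target.
    The <= comparison is an assumption of this model."""
    return [
        link for link in order
        if measured[link].latency_ms <= target.latency_ms
        and measured[link].jitter_ms <= target.jitter_ms
        and measured[link].loss_pct <= target.loss_pct
    ]

def best_quality(order, measured, metric):
    """Compare one SLA metric; ties fall back to the preference order."""
    return min(order, key=lambda link: (getattr(measured[link], metric),
                                        order.index(link)))

# The page's example: port2 is in Zone1; the rule prefers port3, port1, then Zone1.
ORDER = effective_order(["port3", "port1"], ["Zone1"], {"Zone1": ["port2"]})

# Constructed measurements from two hypothetical health checks: one probes a
# public resource, the other probes a server on the path the rule's traffic takes.
MEASURED = {
    "public_probe": {"port3": Sla(20, 2, 0.0), "port1": Sla(35, 3, 0.0),
                     "port2": Sla(60, 5, 0.1)},
    "azure_probe": {"port3": Sla(180, 25, 2.0), "port1": Sla(40, 4, 0.0),
                    "port2": Sla(30, 2, 0.0)},
}
TARGET = Sla(latency_ms=100, jitter_ms=10, loss_pct=1.0)  # constructed SLA target

if __name__ == "__main__":
    for check, measured in MEASURED.items():
        print(check, passing_links(ORDER, measured, TARGET),
              best_quality(ORDER, measured, "latency_ms"))
```

With the constructed values, the public probe reports every link as healthy and favours port3, while the probe that matches the rule's traffic drops port3 and favours port2.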

See Performance SLA for more details.
