FortiGuard SLA database for SD-WAN performance SLA 7.6.1

A new FortiGuard SLA database is available, and it includes popular SaaS and internet destinations as well as recommended settings that you can select as probe servers for SD-WAN Performance SLA configurations in the GUI or CLI.

In the GUI, go to Network > SD-WAN > Performance SLA, and click Create New to access the new database.

In the CLI, use the following new options:

config system sdwan
    config health-check
        edit <health-check name>
            set fortiguard {enable | disable}
            set fortiguard-name <string>
        next
    end
end

set fortiguard {enable | disable}

Enable/disable use of FortiGuard SLA database.

set fortiguard-name <string>

Name of the predefined health-check target from the FortiGuard SLA database.

The FortiGate requires a valid SD-WAN Network Monitor (SWNM) entitlement before the FortiGuard SLA Database can be downloaded or updated.

Example

In this example, an SD-WAN performance SLA is configured to use the FortiGuard SLA database and its Amazon target.

To configure a performance SLA in the GUI:
  1. Go to Network > SD-WAN > Performance SLA, and click Create New. The New Performance SLA pane is displayed.

  2. Set Performance SLA to FortiGuard to select the database, and set SLA Target to the www.amazon.com target from the database.

  3. Complete the remaining options, and click OK. The configuration is displayed on the Performance SLAs pane.

  4. On the Performance SLAs pane, select the configuration to view the health-check status.

To configure a performance SLA in the CLI:
  1. Configure an SD-WAN health-check to use the SLA database and its Amazon target:

    config system sdwan
        set status enable
        config zone
            edit "virtual-wan-link"
            next
        end
        config members
            edit 1
                set interface "agg1"
                set gateway 172.16.203.2
            next
            edit 2
                set interface "vlan100"
                set gateway 172.16.206.2
            next
        end
        config health-check
            edit "test"
                set fortiguard enable
                set fortiguard-name "Amazon"
                set server "www.amazon.com"
                set members 0
                config sla
                    edit 1
                    next
                end
            next
        end
    end
  2. Check the health status:

    In this example, the SLA database is enabled and Amazon is configured.

    # diagnose sys sdwan  health-check
    Health Check(test):
    Seq(1 agg1): state(alive), packet-loss(1.000%), latency(55.557), jitter(1.245), mos(4.373), bandwidth-up(999993), bandwidth-dw(999982), bandwidth-bi(1999975), sla_map=0x0
    Seq(2 vlan100): state(alive), packet-loss(4.000%), latency(55.534), jitter(1.211), mos(4.372), bandwidth-up(697383), bandwidth-dw(437492), bandwidth-bi(1134875), sla_map=0x0
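
The following Python example is added here and is not part of the Fortinet documentation. It parses the diagnose sys sdwan health-check output shown above into per-member records and flags members that are down or exceed operator-chosen limits; the function names and the 2% packet-loss limit are assumptions for illustration.

```python
import re

# Output of `diagnose sys sdwan health-check`, copied from the step above.
SAMPLE = """\
Health Check(test):
Seq(1 agg1): state(alive), packet-loss(1.000%), latency(55.557), jitter(1.245), mos(4.373), bandwidth-up(999993), bandwidth-dw(999982), bandwidth-bi(1999975), sla_map=0x0
Seq(2 vlan100): state(alive), packet-loss(4.000%), latency(55.534), jitter(1.211), mos(4.372), bandwidth-up(697383), bandwidth-dw(437492), bandwidth-bi(1134875), sla_map=0x0
"""

CHECK_RE = re.compile(r"^Health Check\((?P<name>[^)]+)\):")
SEQ_RE = re.compile(r"^Seq\((?P<seq>\d+) (?P<intf>[^)]+)\):\s*(?P<rest>.*)$")
FIELD_RE = re.compile(r"([\w-]+)\(([^)]*)\)")
SLA_MAP_RE = re.compile(r"sla_map=(0x[0-9a-fA-F]+)")
NUMERIC = ("packet-loss", "latency", "jitter", "mos")


def parse_health_check(text):
    """Return one dict per member line, tagged with its health-check name."""
    members, check = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := CHECK_RE.match(line):
            check = m["name"]
        elif m := SEQ_RE.match(line):
            fields = dict(FIELD_RE.findall(m["rest"]))
            rec = {"check": check, "seq": int(m["seq"]),
                   "interface": m["intf"], "state": fields.get("state")}
            for key in NUMERIC:  # a metric missing from the line stays None
                rec[key] = float(fields[key].rstrip("%")) if key in fields else None
            sm = SLA_MAP_RE.search(m["rest"])
            rec["sla_map"] = int(sm.group(1), 16) if sm else None
            members.append(rec)
    return members


def violations(members, limits):
    """List (interface, reason) pairs for members that are down or over a limit."""
    out = []
    for rec in members:
        if rec["state"] != "alive":
            out.append((rec["interface"], f"state={rec['state']}"))
            continue
        for key, limit in limits.items():
            if rec[key] is not None and rec[key] > limit:
                out.append((rec["interface"], f"{key} {rec[key]} > {limit}"))
    return out


if __name__ == "__main__":
    print(violations(parse_health_check(SAMPLE), {"packet-loss": 2.0}))  # illustrative limit
```
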

To view the performance SLA database in the CLI:
  1. View the SLA database version:

    # diagnose autoupdate version 
    
    ...
    
    SLA Database
    ---------
    Version: 1.00003
    Contract Expiry Date: Wed Apr 30 2025
    Last Updated using scheduled update on Mon Nov 25 09:46:47 2024
    Last Update Attempt: Wed Nov 27 14:36:01 2024
    Result: No Updates
    
    Timezone Database
    ---------
    Version: 1.0006
    
    ...
  2. List the targets predefined by FortiGuard in the SLA database:

    # diagnose sladb target-list
    target-name:8X8
    deprecated:0
    sz_domain:6
    
    target-name:ADP
    deprecated:0
    sz_domain:5
    
    target-name:AOL
    deprecated:0
    sz_domain:9
    
    target-name:AWS dynamodb
    deprecated:0
    sz_domain:27
    
    target-name:AWS ec2
    deprecated:0
    sz_domain:27
    
    target-name:AWS ecs
    deprecated:0
    sz_domain:27
    
    target-name:AWS es
    deprecated:0
    sz_domain:27
    
    target-name:AWS lambda
    deprecated:0
    sz_domain:27
    ...
  3. List the domains under a specific target predefined by FortiGuard in the SLA database:

    # diagnose sladb  domain-list ADP
    domain-name:www.adp.com
    desc:ADP (www.adp.com)
    deprecated:0
    sz_protocol:2
    
    domain-name:ipay.adp.com
    desc:Online payroll management and payment platform.
    deprecated:0
    sz_protocol:2
    
    domain-name:workforcenow.adp.com
    desc:Human resource management platform.
    deprecated:0
    sz_protocol:2
    
    domain-name:globalview.adp.com
    desc:Global HR management platform.
    deprecated:0
    sz_protocol:2
    
    domain-name:mobile.adp.com
    desc:Mobile app for ADP services.
    deprecated:0
    sz_protocol:2
  4. List the protocols under a specific target and domain predefined by FortiGuard in the SLA database:

    # diagnose sladb protocol-list ADP www.adp.com
    target-name:ADP
    domain-name:www.adp.com
    
            protocol: ping
            protocol: https
  5. View the communication method between FortiGate and servers predefined by FortiGuard for SD-WAN health-checks:

    # show system health-check-fortiguard
    config system health-check-fortiguard
        edit "8X8"
            set server "www.8x8.com"
            set protocol https
        next
        edit "ADP"
            set server "www.adp.com"
        next
        edit "AOL"
            set server "www.aol.com"
        next
        edit "AWS dynamodb"
            set server "dynamodb.me-central-1.amazonaws.com"
        next
        edit "AWS ec2"
            set server "ec2.us-east-1.amazonaws.com"
        next
        edit "AWS ecs"
            set server "ecs.me-central-1.amazonaws.com"
        next
        edit "AWS es"
            set server "es.us-east-1.amazonaws.com"
        next
        edit "AWS lambda"
            set server "lambda.us-east-1.amazonaws.com"
        next
    ...
