Fortinet black logo

Administration Guide

Home FortiManager 6.4.13 Administration Guide
6.4.13
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0

Monitor SD-WAN

Monitor SD-WAN

After adding the Interface Members, Health-Check Servers, creating SD-WAN templates, and assigning devices to the SD-WAN template, go to SD-WAN > Monitor to monitor the FortiGate devices.

The FortiGate devices can be monitored from two views, Map View and Table View.

Map View

To monitor SD-WAN with Map View:
  1. Click Map View to view the SD-WAN link on Google Maps.
  2. Hover over the SD-WAN icon. The following information is shown:

    <Name of the FortiGate device> (<Model>)

    Interface

    Interface members.

    Performance SLA

    Shows whether the interface is meeting the performance SLA criteria.

    Jitter (ms)

    Actual value of Jitter.

    Latency (ms)

    Actual value of Latency.

    Packet Loss (ms)

    Actual value of Packet loss.

    Bandwidth (TX/RX)

    Bandwidth of data transmitted and received.

    Volume (TX/RX)

    Volume of data transmitted and received.

    Session

    Number of active sessions.

Select Show Unhealthy Devices only to show only the devices that do not meet the Performance SLA criteria.

Table View

To monitor SD-WAN with Table View:
  1. Click Table View to view the SD-WAN parameters for each device.

    The following information is shown for each device:

    Device

    Name of the device.

    SD-WAN

    Interface members.

    Internet Services

    Add or remove the Internet Services from the Services Settings drop-down. The data is shown for the selected Internet Services. The Internet Services are specified in SD-WAN Rules > Destination type > Internet Service in FortiGate.

    Applications

    Add or remove the Applications from the Services Settings drop-down. The data is shown for the selected applications. The applications are specified in SD-WAN Rules > Destination type > Internet Service in FortiGate.

    Upload

    Volume of data transmitted up stream.

    Download

    Volume of data transmitted down stream.

    Automatic Refresh

    FortiManager extracts the data from FortiGate devices based on the refresh settings. Select the automatic refresh interval from Every 5 Minutes to Every 30 Minutes. Alternatively, you can select Manual Refresh to refresh the data manually.

    Hover over a service for a device that is shown in red. A pop-up shows the parameters that have failed the SLA criteria.

SD-WAN Monitoring History

FortiManager provides an option to collect and store SD-WAN Monitor data. Go to SD-WAN > Monitor > Table View to view the following drill-down data:

  • Click each FortiGate device to view drill-down values for the particular device. The graphs available are Bandwidth Overview, Traffic Overview, Jitter, Latency, and Packet Loss.
  • Click each application to view drill-down values for the particular application. The graphs available are Jitter, Latency, and Packet Loss.

By default, SD-WAN Monitoring History is disabled. When this feature is disabled, data for only the last 10 minutes is displayed. You can refresh to view the data directly from FortiGate devices. No historical data is stored in FortiManager when this feature is disabled.

You can enable the SD-WAN Monitoring history using the following command line:

config system admin setting

set sdwan-monitor-history enable

end

When this feature is enabled, you can view the SD-WAN Monitoring history in the following ways:

  • SD-WAN Monitoring data can be viewed for the past 24, 12, 6, 1, and N hours.
  • SD-WAN Monitoring history is stored in FortiManager for 8 days.
When to enable SD-WAN history

SD-WAN monitoring history should be enabled when you need to view historical SD-WAN data from FortiGate devices beyond the default 10 minutes that is kept when the feature is disabled.

Because SD-WAN monitoring history can consume a large amount of disk storage when FortiManager receives data from many FortiGate devices, it should only be enabled when there is adequate disk resources available to support the feature. In FortiManager 7.2.2 and later, you can configure the monitoring history storage settings in the FortiManager CLI to reduce disk usage. In earlier versions of FortiManager it is recommended that you monitor your disk usage while the SD-WAN history feature is enabled.

Furthermore, it's important to take into account the tunnel limitation of the central management unit. In order to ensure smooth performance of the system and stable connections for all the devices being managed, we highly recommend disabling data-intensive monitoring features like SD-WAN historical monitoring. By applying an add-on license to the central management unit, you can expand its support for devices beyond the default management tunnel limit. It's worth noting, though, that even with this enhancement, simultaneous management of all live tunnels may not be completely seamless. While the SD-WAN historical monitoring feature is designed to effectively handle live tunnels, it can put a strain on system resources.

If FortiManager is unable to process the data as it arrives due to the number of FortiGate devices, data that is held and unprocessed for more than two days will be dropped, and you may see gaps in the SD-WAN history.

Note

In 6.4.8, 7.0.1 and earlier releases, FortiManager's SD-WAN API calls to FortiGate can consume a lot of memory when there are many FortiGate devices, causing FortiManager to enter conserve mode. If you encounter this issue in these versions it is recommended to disable SD-WAN History or to upgrade to a later version of FortiManager.
Previous
Next

Monitor SD-WAN

After adding the Interface Members, Health-Check Servers, creating SD-WAN templates, and assigning devices to the SD-WAN template, go to SD-WAN > Monitor to monitor the FortiGate devices.

The FortiGate devices can be monitored from two views, Map View and Table View.

Map View

To monitor SD-WAN with Map View:
  1. Click Map View to view the SD-WAN link on Google Maps.
  2. Hover over the SD-WAN icon. The following information is shown:

    <Name of the FortiGate device> (<Model>)

    Interface

    Interface members.

    Performance SLA

    Shows whether the interface is meeting the performance SLA criteria.

    Jitter (ms)

    Actual value of Jitter.

    Latency (ms)

    Actual value of Latency.

    Packet Loss (ms)

    Actual value of Packet loss.

    Bandwidth (TX/RX)

    Bandwidth of data transmitted and received.

    Volume (TX/RX)

    Volume of data transmitted and received.

    Session

    Number of active sessions.

Select Show Unhealthy Devices only to show only the devices that do not meet the Performance SLA criteria.

Table View

To monitor SD-WAN with Table View:
  1. Click Table View to view the SD-WAN parameters for each device.

    The following information is shown for each device:

    Device

    Name of the device.

    SD-WAN

    Interface members.

    Internet Services

    Add or remove the Internet Services from the Services Settings drop-down. The data is shown for the selected Internet Services. The Internet Services are specified in SD-WAN Rules > Destination type > Internet Service in FortiGate.

    Applications

    Add or remove the Applications from the Services Settings drop-down. The data is shown for the selected applications. The applications are specified in SD-WAN Rules > Destination type > Internet Service in FortiGate.

    Upload

    Volume of data transmitted up stream.

    Download

    Volume of data transmitted down stream.

    Automatic Refresh

    FortiManager extracts the data from FortiGate devices based on the refresh settings. Select the automatic refresh interval from Every 5 Minutes to Every 30 Minutes. Alternatively, you can select Manual Refresh to refresh the data manually.

    Hover over a service for a device that is shown in red. A pop-up shows the parameters that have failed the SLA criteria.

SD-WAN Monitoring History

FortiManager provides an option to collect and store SD-WAN Monitor data. Go to SD-WAN > Monitor > Table View to view the following drill-down data:

  • Click each FortiGate device to view drill-down values for the particular device. The graphs available are Bandwidth Overview, Traffic Overview, Jitter, Latency, and Packet Loss.
  • Click each application to view drill-down values for the particular application. The graphs available are Jitter, Latency, and Packet Loss.

By default, SD-WAN Monitoring History is disabled. When this feature is disabled, data for only the last 10 minutes is displayed. You can refresh to view the data directly from FortiGate devices. No historical data is stored in FortiManager when this feature is disabled.

You can enable the SD-WAN Monitoring history using the following command line:

config system admin setting

set sdwan-monitor-history enable

end

When this feature is enabled, you can view the SD-WAN Monitoring history in the following ways:

  • SD-WAN Monitoring data can be viewed for the past 24, 12, 6, 1, and N hours.
  • SD-WAN Monitoring history is stored in FortiManager for 8 days.
When to enable SD-WAN history

SD-WAN monitoring history should be enabled when you need to view historical SD-WAN data from FortiGate devices beyond the default 10 minutes that is kept when the feature is disabled.

Because SD-WAN monitoring history can consume a large amount of disk storage when FortiManager receives data from many FortiGate devices, it should only be enabled when there is adequate disk resources available to support the feature. In FortiManager 7.2.2 and later, you can configure the monitoring history storage settings in the FortiManager CLI to reduce disk usage. In earlier versions of FortiManager it is recommended that you monitor your disk usage while the SD-WAN history feature is enabled.

Furthermore, it's important to take into account the tunnel limitation of the central management unit. In order to ensure smooth performance of the system and stable connections for all the devices being managed, we highly recommend disabling data-intensive monitoring features like SD-WAN historical monitoring. By applying an add-on license to the central management unit, you can expand its support for devices beyond the default management tunnel limit. It's worth noting, though, that even with this enhancement, simultaneous management of all live tunnels may not be completely seamless. While the SD-WAN historical monitoring feature is designed to effectively handle live tunnels, it can put a strain on system resources.

If FortiManager is unable to process the data as it arrives due to the number of FortiGate devices, data that is held and unprocessed for more than two days will be dropped, and you may see gaps in the SD-WAN history.

Note

In 6.4.8, 7.0.1 and earlier releases, FortiManager's SD-WAN API calls to FortiGate can consume a lot of memory when there are many FortiGate devices, causing FortiManager to enter conserve mode. If you encounter this issue in these versions it is recommended to disable SD-WAN History or to upgrade to a later version of FortiManager.
Previous
Next