Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 5.3.8 User Guide
    5.3.8
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    Configuring an SD-WAN for an ADOM

    Configuring an SD-WAN for an ADOM

    To use this feature, you must have the following:

    • ADOM version 6.0 or higher
    • The templates are assigned to devices in the same ADOM.
    • Central SD-WAN management is enabled in FortiManager for the ADOM being used.
    To configure an SD-WAN for an ADOM:
    1. Add a FortiManager with an ADOM. See the FortiPortal Administration Guide.
    2. Add a customer with permission for the Device Manager tab. See the FortiPortal Administration Guide.
    3. Add a customer site for the customer created in step 2 and assign the ADOM to the customer site. See the FortiPortal Administration Guide.
    4. Add a customer user with access to the customer site created in step 3. See the FortiPortal Administration Guide.
    5. The customer user created in step 4 specifies which ports are interface members of the SD-WAN. See Specify the ports.
    6. The customer user created in step 4 creates an SD-WAN template; defines the interface members from step 5, a performance SLA, and SD-WAN rules; and assigns the template to an ADOM. See Create an SD-WAN template.

    Specify the ports

    Use the SD-WAN > Interface Members page to define which physical FortiPortal interfaces belong to the SD-WAN.

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function; up to 255 member interfaces can be configured.

    On the SD-WAN > Interface Members page, the following actions are available:

    • Create New—define a new interface member
    • Edit—change the settings for an existing interface member
    • Delete—delete an interface member
    To add a new interface member:
    1. Select Interface Members from the SD-WAN tree.
    2. Right-click an interface member and select Create New. If the table is blank, right-click under the column headings and select Create New.
    3. Enter values in the relevant fields. See Interface member fields .
    4. Select Save.
    Interface member fields

    The Create New Interface Members and Edit Interface Members forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. Name of the new interface member.

    Description

    Description of the new interface member.

    Cost

    Cost of the interface.

    The Cost field is not displayed when the ADOM version is 6.2 or higher.

    Gateway

    Enter the IPv4 address of the default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    Gateway6

    Enter the IPv6 address of the default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    Ingress Spillover Threshold

    Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.

    Interface

    Required. Type the name of one or more ports. Use a comma to separate multiple ports.

    Priority

    Assign the interface a priority.

    Source

    Source IPv4 address name.

    Source6

    Source IPv6 address name.

    Spillover Threshold

    Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.

    Volume Ratio

    Measured volume ratio (this value / sum of all values = percentage of link volume). The range is 0-255.

    Weight

    Weight of this interface for weighted load balancing. More traffic is directed to interfaces with higher weights. The weight must be in the range of 0-255.

    Create an SD-WAN template

    Use the SD-WAN > Template page to define an SD-WAN for an ADOM.

    In this area, the following actions are available:

    • Create New—define a new template
    • Edit—change the settings for an existing template
    • Delete—delete a template
    • Assign—associate a template to an ADOM
    To create a template and assign it:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the table is blank, right-click under the column headings and select Create New.
    3. Enter values in the relevant fields. See Template fields .
    4. Select Save.
    5. Right-click a template and select Assign.
    6. Select the site to assign the template to and then select Save.
    Template fields

    The Create New Template and Edit Template forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. Name of the new template

    Description

    Description of the new template.

    Status

    Select enable to enable the SD-WAN status.

    Interface members

    Define which physical FortiPortal interfaces belong to the SD-WAN. See Define which physical interfaces belong to the SD-WAN template.

    Performance SLA

    Define a new performance service level agreement (SLA). See Define a performance SLA for the SD-WAN template.

    SD-WAN Rule

    Define SD-WAN rules to control how sessions are distributed to physical interfaces in the SD-WAN. See Define SD-WAN rules for the SD-WAN template.

    Fail Alert Interfaces

    Select a physical interface to alert if the SD-WAN fails.

    This field is not available if FortiManager 6.2 is being used.

    Fail-Detect

    Select enable or disable to change whether the SD-WAN Internet connection is checked.

    Load Balance Mode

    SD-WAN supports five load-balance modes:

    • Source IP (source-ip-based): SD-WAN will load balance the traffic equally among its members according to a hash algorithm based on the source IP addresses.
    • Session (weight-based): SD-WAN will load balance the traffic according to the session numbers ratio among its members.
    • Spillover (usage-based): SD-WAN will use the first member until the bandwidth reaches its limit, then use the second, and so on.
    • Source-Destination IP (source-dest-ip-based): SD-WAN will load balance the traffic equally among its members according to a hash algorithm based on both the source and destination IP addresses.
    • Volume (measured-volume-based): SD-WAN will load balance the traffic according to the bandwidth ratio among its members.
    Define which physical interfaces belong to the SD-WAN template

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for the SD-WAN to function; up to 255 member interfaces can be configured.

    To define which physical interfaces belong to the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click an interface member and select Create New. If the Interface Members table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See Interface members fields for an SD-WAN template.
    5. Select Save.
    Interface members fields for an SD-WAN template

    Settings

    Description

    Sequence Number

    Member sequence number. The range is 0-4294967295.

    Member

    Required. Select one of the available physical interfaces.
    Define a performance SLA for the SD-WAN template

    If all links meet the SLA criteria, the FortiPortal unit uses the first link, even if that link is not the best quality link. If at any time, the link in use does not meet the SLA criteria, and the next link in the configuration meets the SLA criteria, the FortiPortal unit changes to that link. If the next link does not meet the SLA criteria, the FortiPortal unit uses the next link in the configuration if it meets the SLA criteria, and so on.

    To define a performance SLA for the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click a performance SLA and select Create New. If the Performance SLA table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See Performance SLA fields for an SD-WAN template.
    5. Select Save.
    Performance SLA fields for an SD-WAN template

    Settings

    Description

    Name

    Required. Name of the performance SLA.

    Detect Server

    Required. Name of the server.

    Fail Time

    Number of retry attempts before the server is considered down.

    Http-agent

    String in the http-agent field in the HTTP header.

    Http-get

    If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string.

    Http-match

    Response string expected from the server if the protocol is HTTP.

    Interval

    Status check interval, or the time between attempting to connect to the server. The default is 5 seconds; the range is 1 - 3600 seconds.

    Outgoing interface

    This field is available only if you are using ADOM 6.0 or 6.2 with FortiManager 6.0 or 6.2.

    • If you are using ADOM 6.2 and FortiManager 6.2, select Auto, Manual, Minimum Quality (Maximum Bandwidth), Best Quality (Priority), or Lowest Quality (SLA).
    • If you are using ADOM 6.0 and FortiManager 6.2): select Auto, Manual, Minimum Quality (Maximum Bandwidth), or Best Quality(Priority).
    • If you are using ADOM 6.0 and FortiManager 6.0): select Minimum Quality (Maximum Bandwidth) or Best Quality (Priority).

    Members

    Select the interfaces from the Available Members list and then select > to move them to the Selected Members list.

    If you selected Manual for the outgoing interface, select a single interface from the drop-down list.

    quality-link

    If you selected Auto for the outgoing interface, select the quality link from the drop-down list.
    This field is available only if you are using FortiManager 6.2.

    Criteria

    If you selected Auto for the outgoing interface, select the creiteria from the drop-down list.

    This field is available only if you are using FortiManager 6.2.

    packet-size

    Packet size of a Two-Way Active Measurement Protocol (TWAMP) test session. The range is 64-1024.

    password

    TWAMP controller password in authentication mode size.

    port

    Port number of the traffic to be used to monitor the server.

    Detect Protocol

    Protocol used to determine if the FortiPortal unit can communicate with the server. Select udp-echo, ping, tcp-echo, http, twamp, or ping6.

    recovery time

    Number of successful responses received before server is considered recovered

    Threshold-alert-jitter

    Alert threshold for jitter. The default is 0 ms; the range is 0-4294967295 ms.

    Threshold-alert-latency

    Alert threshold for latency. The default is 0 ms; the range is 0-4294967295 ms.

    Threshold-alert-packetloss

    Alert threshold for packet loss. The default is 0 percent; the range is 0-100 percent.

    threshold-warning-jitter

    Warning threshold for jitter. The default is 0 ms; the range is 0-4294967295 ms.

    threshold-warning-latency

    Warning threshold for latency. The default is 0 ms; the range is 0-4294967295 ms.

    threshold-warning-packetloss

    Warning threshold for packet loss. The default is 0 percent; the range is 0-100 percent.

    Update Cascade Interface

    Enable or disable whether the cascade interface is updated.

    Update Static Route

    Enable or disable whether the static route is updated.

    SLA

    Configure the SLA.
    To define a performance SLA for the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click a performance SLA and select Create New. If the Performance SLA table is blank, right-click under the column headings and select Create New.
    4. Right-click under the column headings in the SLA table and select Create New.
    5. Enter values in the relevant fields. See "Performance SLA fields for an SD-WAN template" on page 1.
    6. Select Save to save your SLA configuration.
    7. Select Save to save your performance SLA configuration.
    SLA fields for an SD-WAN template

    Settings

    Description

    ID

    SLA identifier.

    Jitter Threshold

    Jitter for SLA to make decision in milliseconds. The default is 5; the range is 0- 10000000.

    Latency Threshold

    Required. Latency for SLA to make decision in milliseconds. The default is 5; the range is 0- 10000000.

    Packet Loss Threshold

    Packet loss for SLA to make decision in percentage. The default is 0; the range is 0-100.
    Define SD-WAN rules for the SD-WAN template

    You can configure SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN.

    To add a new SD-WAN rule for an SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click an SD-WAN rule and select Create New. If the table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See SD-WAN rule fields for an SD-WAN template.
    5. Select Save.
    SD-WAN rule fields for an SD-WAN template

    Settings

    Description

    Name

    Priority rule name.

    Source Address

    Select the source addresses from the Available list and then select > to move them to the Selected list.

    Users

    Select the users from the Available list and then select > to move them to the Selected list.

    User Groups

    Select the user groups from the Available list and then select > to move them to the Selected list.

    Destination

    Required. Select Named Address to use destination addresses or select Internet Service to use destination Internet services.

    Destination Address

    Required. Available if Destination is set to Named Address. Select the destination addresses from the Available list and then select > to move them to the Selected list.

    Protocol

    Required. Available if Destination is set to Address. Select TCP, UDP, ANY, or Specify.

    Specify Protocol

    Required. If Protocol is set to Specify, enter the protocol number, type of service, and bit mask.

    start-port

    Integer value for starting TCP/UDP/SCTP destination port.

    end-port

    Integer value for ending TCP/UDP/SCTP destination port.

    Type of Service

    Type of service bit pattern.

    Type of Service Mask

    Type of service evaluated bits. This value determines which bits in the IP header’s TOS field are significant.

    Internet Service

    Available if Destination is set to Internet Service. Select the Internet services from the Available list and then select > to move them to the Selected list.

    Internet Service Group

    Available if Destination is set to Internet Service. Select the Internet service groups from the Available list and then select > to move them to the Selected list.

    Custom Internet Service

    Available if Destination is set to Internet Service. Select the custom Internet services from the Available list and then select > to move them to the Selected list.

    Custom Internet Service Group

    Available if Destination is set to Internet Service. Select the custom Internet service groups from the Available list and then select > to move them to the Selected list.

    internet-service-ctrl

    Available if Destination is set to Internet Service. Enter the identifier of a control-based Internet service.

    internet-service-ctrl-group

    Available if Destination is set to Internet Service. Select the name of a control-based Internet service group.

    Outgoing Interface

    Required. Select Best Quality (Priority) or Minimum Quality (Maximize Bandwidth).

    Members

    Required. Select the interfaces from the Available list and then select > to move them to the Selected list.

    Required SLA Target

    Required. Available if Outgoing Interface is set to Minimum Quality (Maximize Bandwidth). Select the appropriate performance SLA from the drop-down list.

    Status Check

    Required. Available if Outgoing Interface is set to Best Quality (Priority). Select the appropriate performance SLA to use for the status check.
    Previous
    Next

    Configuring an SD-WAN for an ADOM

    Configuring an SD-WAN for an ADOM

    To use this feature, you must have the following:

    • ADOM version 6.0 or higher
    • The templates are assigned to devices in the same ADOM.
    • Central SD-WAN management is enabled in FortiManager for the ADOM being used.
    To configure an SD-WAN for an ADOM:
    1. Add a FortiManager with an ADOM. See the FortiPortal Administration Guide.
    2. Add a customer with permission for the Device Manager tab. See the FortiPortal Administration Guide.
    3. Add a customer site for the customer created in step 2 and assign the ADOM to the customer site. See the FortiPortal Administration Guide.
    4. Add a customer user with access to the customer site created in step 3. See the FortiPortal Administration Guide.
    5. The customer user created in step 4 specifies which ports are interface members of the SD-WAN. See Specify the ports.
    6. The customer user created in step 4 creates an SD-WAN template; defines the interface members from step 5, a performance SLA, and SD-WAN rules; and assigns the template to an ADOM. See Create an SD-WAN template.

    Specify the ports

    Use the SD-WAN > Interface Members page to define which physical FortiPortal interfaces belong to the SD-WAN.

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for SD-WAN to function; up to 255 member interfaces can be configured.

    On the SD-WAN > Interface Members page, the following actions are available:

    • Create New—define a new interface member
    • Edit—change the settings for an existing interface member
    • Delete—delete an interface member
    To add a new interface member:
    1. Select Interface Members from the SD-WAN tree.
    2. Right-click an interface member and select Create New. If the table is blank, right-click under the column headings and select Create New.
    3. Enter values in the relevant fields. See Interface member fields .
    4. Select Save.
    Interface member fields

    The Create New Interface Members and Edit Interface Members forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. Name of the new interface member.

    Description

    Description of the new interface member.

    Cost

    Cost of the interface.

    The Cost field is not displayed when the ADOM version is 6.2 or higher.

    Gateway

    Enter the IPv4 address of the default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    Gateway6

    Enter the IPv6 address of the default gateway for this interface. Usually the default gateway of the Internet service provider that this interface is connected to.

    Ingress Spillover Threshold

    Ingress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.

    Interface

    Required. Type the name of one or more ports. Use a comma to separate multiple ports.

    Priority

    Assign the interface a priority.

    Source

    Source IPv4 address name.

    Source6

    Source IPv6 address name.

    Spillover Threshold

    Egress spillover threshold for this interface (0 - 16776000 kbit/s). When this traffic volume threshold is reached, new sessions spill over to other interfaces in the SD-WAN.

    Volume Ratio

    Measured volume ratio (this value / sum of all values = percentage of link volume). The range is 0-255.

    Weight

    Weight of this interface for weighted load balancing. More traffic is directed to interfaces with higher weights. The weight must be in the range of 0-255.

    Create an SD-WAN template

    Use the SD-WAN > Template page to define an SD-WAN for an ADOM.

    In this area, the following actions are available:

    • Create New—define a new template
    • Edit—change the settings for an existing template
    • Delete—delete a template
    • Assign—associate a template to an ADOM
    To create a template and assign it:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the table is blank, right-click under the column headings and select Create New.
    3. Enter values in the relevant fields. See Template fields .
    4. Select Save.
    5. Right-click a template and select Assign.
    6. Select the site to assign the template to and then select Save.
    Template fields

    The Create New Template and Edit Template forms contain the following fields:

    Settings

    Guidelines

    Name

    Required. Name of the new template

    Description

    Description of the new template.

    Status

    Select enable to enable the SD-WAN status.

    Interface members

    Define which physical FortiPortal interfaces belong to the SD-WAN. See Define which physical interfaces belong to the SD-WAN template.

    Performance SLA

    Define a new performance service level agreement (SLA). See Define a performance SLA for the SD-WAN template.

    SD-WAN Rule

    Define SD-WAN rules to control how sessions are distributed to physical interfaces in the SD-WAN. See Define SD-WAN rules for the SD-WAN template.

    Fail Alert Interfaces

    Select a physical interface to alert if the SD-WAN fails.

    This field is not available if FortiManager 6.2 is being used.

    Fail-Detect

    Select enable or disable to change whether the SD-WAN Internet connection is checked.

    Load Balance Mode

    SD-WAN supports five load-balance modes:

    • Source IP (source-ip-based): SD-WAN will load balance the traffic equally among its members according to a hash algorithm based on the source IP addresses.
    • Session (weight-based): SD-WAN will load balance the traffic according to the session numbers ratio among its members.
    • Spillover (usage-based): SD-WAN will use the first member until the bandwidth reaches its limit, then use the second, and so on.
    • Source-Destination IP (source-dest-ip-based): SD-WAN will load balance the traffic equally among its members according to a hash algorithm based on both the source and destination IP addresses.
    • Volume (measured-volume-based): SD-WAN will load balance the traffic according to the bandwidth ratio among its members.
    Define which physical interfaces belong to the SD-WAN template

    SD-WAN interfaces are the ports and interfaces that are used to run traffic. At least one interface must be configured for the SD-WAN to function; up to 255 member interfaces can be configured.

    To define which physical interfaces belong to the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click an interface member and select Create New. If the Interface Members table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See Interface members fields for an SD-WAN template.
    5. Select Save.
    Interface members fields for an SD-WAN template

    Settings

    Description

    Sequence Number

    Member sequence number. The range is 0-4294967295.

    Member

    Required. Select one of the available physical interfaces.
    Define a performance SLA for the SD-WAN template

    If all links meet the SLA criteria, the FortiPortal unit uses the first link, even if that link is not the best quality link. If at any time, the link in use does not meet the SLA criteria, and the next link in the configuration meets the SLA criteria, the FortiPortal unit changes to that link. If the next link does not meet the SLA criteria, the FortiPortal unit uses the next link in the configuration if it meets the SLA criteria, and so on.

    To define a performance SLA for the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click a performance SLA and select Create New. If the Performance SLA table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See Performance SLA fields for an SD-WAN template.
    5. Select Save.
    Performance SLA fields for an SD-WAN template

    Settings

    Description

    Name

    Required. Name of the performance SLA.

    Detect Server

    Required. Name of the server.

    Fail Time

    Number of retry attempts before the server is considered down.

    Http-agent

    String in the http-agent field in the HTTP header.

    Http-get

    If you are monitoring an HTML server you can send an HTTP-GET request with a custom string. Use this option to define the string.

    Http-match

    Response string expected from the server if the protocol is HTTP.

    Interval

    Status check interval, or the time between attempting to connect to the server. The default is 5 seconds; the range is 1 - 3600 seconds.

    Outgoing interface

    This field is available only if you are using ADOM 6.0 or 6.2 with FortiManager 6.0 or 6.2.

    • If you are using ADOM 6.2 and FortiManager 6.2, select Auto, Manual, Minimum Quality (Maximum Bandwidth), Best Quality (Priority), or Lowest Quality (SLA).
    • If you are using ADOM 6.0 and FortiManager 6.2): select Auto, Manual, Minimum Quality (Maximum Bandwidth), or Best Quality(Priority).
    • If you are using ADOM 6.0 and FortiManager 6.0): select Minimum Quality (Maximum Bandwidth) or Best Quality (Priority).

    Members

    Select the interfaces from the Available Members list and then select > to move them to the Selected Members list.

    If you selected Manual for the outgoing interface, select a single interface from the drop-down list.

    quality-link

    If you selected Auto for the outgoing interface, select the quality link from the drop-down list.
    This field is available only if you are using FortiManager 6.2.

    Criteria

    If you selected Auto for the outgoing interface, select the creiteria from the drop-down list.

    This field is available only if you are using FortiManager 6.2.

    packet-size

    Packet size of a Two-Way Active Measurement Protocol (TWAMP) test session. The range is 64-1024.

    password

    TWAMP controller password in authentication mode size.

    port

    Port number of the traffic to be used to monitor the server.

    Detect Protocol

    Protocol used to determine if the FortiPortal unit can communicate with the server. Select udp-echo, ping, tcp-echo, http, twamp, or ping6.

    recovery time

    Number of successful responses received before server is considered recovered

    Threshold-alert-jitter

    Alert threshold for jitter. The default is 0 ms; the range is 0-4294967295 ms.

    Threshold-alert-latency

    Alert threshold for latency. The default is 0 ms; the range is 0-4294967295 ms.

    Threshold-alert-packetloss

    Alert threshold for packet loss. The default is 0 percent; the range is 0-100 percent.

    threshold-warning-jitter

    Warning threshold for jitter. The default is 0 ms; the range is 0-4294967295 ms.

    threshold-warning-latency

    Warning threshold for latency. The default is 0 ms; the range is 0-4294967295 ms.

    threshold-warning-packetloss

    Warning threshold for packet loss. The default is 0 percent; the range is 0-100 percent.

    Update Cascade Interface

    Enable or disable whether the cascade interface is updated.

    Update Static Route

    Enable or disable whether the static route is updated.

    SLA

    Configure the SLA.
    To define a performance SLA for the SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click a performance SLA and select Create New. If the Performance SLA table is blank, right-click under the column headings and select Create New.
    4. Right-click under the column headings in the SLA table and select Create New.
    5. Enter values in the relevant fields. See "Performance SLA fields for an SD-WAN template" on page 1.
    6. Select Save to save your SLA configuration.
    7. Select Save to save your performance SLA configuration.
    SLA fields for an SD-WAN template

    Settings

    Description

    ID

    SLA identifier.

    Jitter Threshold

    Jitter for SLA to make decision in milliseconds. The default is 5; the range is 0- 10000000.

    Latency Threshold

    Required. Latency for SLA to make decision in milliseconds. The default is 5; the range is 0- 10000000.

    Packet Loss Threshold

    Packet loss for SLA to make decision in percentage. The default is 0; the range is 0-100.
    Define SD-WAN rules for the SD-WAN template

    You can configure SD-WAN rules or priority rules (also called services) to control how sessions are distributed to physical interfaces in the SD-WAN.

    To add a new SD-WAN rule for an SD-WAN template:
    1. Select Template from the SD-WAN tree.
    2. Right-click a template and select Create New. If the Template table is blank, right-click under the column headings and select Create New.
    3. Right-click an SD-WAN rule and select Create New. If the table is blank, right-click under the column headings and select Create New.
    4. Enter values in the relevant fields. See SD-WAN rule fields for an SD-WAN template.
    5. Select Save.
    SD-WAN rule fields for an SD-WAN template

    Settings

    Description

    Name

    Priority rule name.

    Source Address

    Select the source addresses from the Available list and then select > to move them to the Selected list.

    Users

    Select the users from the Available list and then select > to move them to the Selected list.

    User Groups

    Select the user groups from the Available list and then select > to move them to the Selected list.

    Destination

    Required. Select Named Address to use destination addresses or select Internet Service to use destination Internet services.

    Destination Address

    Required. Available if Destination is set to Named Address. Select the destination addresses from the Available list and then select > to move them to the Selected list.

    Protocol

    Required. Available if Destination is set to Address. Select TCP, UDP, ANY, or Specify.

    Specify Protocol

    Required. If Protocol is set to Specify, enter the protocol number, type of service, and bit mask.

    start-port

    Integer value for starting TCP/UDP/SCTP destination port.

    end-port

    Integer value for ending TCP/UDP/SCTP destination port.

    Type of Service

    Type of service bit pattern.

    Type of Service Mask

    Type of service evaluated bits. This value determines which bits in the IP header’s TOS field are significant.

    Internet Service

    Available if Destination is set to Internet Service. Select the Internet services from the Available list and then select > to move them to the Selected list.

    Internet Service Group

    Available if Destination is set to Internet Service. Select the Internet service groups from the Available list and then select > to move them to the Selected list.

    Custom Internet Service

    Available if Destination is set to Internet Service. Select the custom Internet services from the Available list and then select > to move them to the Selected list.

    Custom Internet Service Group

    Available if Destination is set to Internet Service. Select the custom Internet service groups from the Available list and then select > to move them to the Selected list.

    internet-service-ctrl

    Available if Destination is set to Internet Service. Enter the identifier of a control-based Internet service.

    internet-service-ctrl-group

    Available if Destination is set to Internet Service. Select the name of a control-based Internet service group.

    Outgoing Interface

    Required. Select Best Quality (Priority) or Minimum Quality (Maximize Bandwidth).

    Members

    Required. Select the interfaces from the Available list and then select > to move them to the Selected list.

    Required SLA Target

    Required. Available if Outgoing Interface is set to Minimum Quality (Maximize Bandwidth). Select the appropriate performance SLA from the drop-down list.

    Status Check

    Required. Available if Outgoing Interface is set to Best Quality (Priority). Select the appropriate performance SLA to use for the status check.
    Previous
    Next