| The manual strategy does not require the configuration of a health check or SLA target. However, SD-WAN does use health check results to monitor the members' status. If all Performance SLA health-checks indicate that an interface is dead, the interface will be marked as dead in all SD-WAN rules, including rules in manual mode. If all of a rule's member interfaces are marked as dead, the SD-WAN rule is disabled. config system sdwan
set status enable
config zone
edit "virtual-wan-link"
next end config members
edit 1
set interface "port9"
set gateway 10.109.31.254 set zone "virtual-wan-link" next
end config health-check
edit "sla"
set server "1.1.1.1"
set update-static-route disable
set members 1
next
end config service
edit 1
set name "rule"
set dst "8.8.8.8/32"
set priority-members 1
next
end
end When the health check fails, the interface is marked as dead: diagnose system sdwan health-check
Health Check(sla):
Seq(1 port9): state(dead), packet-loss(45.000%) sla_map=0x0 The SD-WAN rule is disabled: diagnose system sdwan service4 Service(1): Address Mode(IPV4) flags=0x200
Gen(2), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(manual)
Service disabled caused by no outgoing path.
Members(1):
1: Seq_num(1 port9), dead
Dst address(1):
8.8.8.8-8.8.8.8 This behavior can cause issues in complex environments where a given health check is intended to only apply to certain traffic. In some environments, it is desirable for an SD-WAN rule to always be matched regardless of the health check result. For example, if there is no alternative route to handle the traffic. If this behavior is not intended, apply one of the following options: - Delete all related health checks for which the members are dead. Without a health check, members are considered alive or dead according to the interface status.
- Remove the member from all failing health checks.
- Configure at least one health check for which the member will be alive.
Notes:
- An SD-WAN member is not flagged as dead when the probe succeeds but fails SLA. The member is only flagged as dead when all health checks fail to receive a valid response within the health check's probe-timeout value, for several consecutive attempts equal to the failtime value.
- Where available, it is recommended to configure two remote probe servers on the same health check rather than one, to avoid a false positive failure if one probe server fails to respond promptly.
- If update-static-route is enabled on a failing health check, static routes for the failing SD-WAN member will be marked as inactive and removed from the active routing table. In static routing environments, this can cause the member/SD-WAN rule not to be matched because it has no feasible route. This does not generate the message 'Service disabled caused by no outgoing path'. If there is another Performance SLA that is succeeding.
Related articles:
Technical Tip: SD-WAN rule in manual mode avoid Performance SLA failed Technical Tip: Explaining the SD-WAN rule matching process | 
