Skip to main content
akamath
Staff
akamath
Staff
September 29, 2021

Troubleshooting Tip: Troubleshooting the FortiManager SD-WAN monitor

  • September 29, 2021
  • 0 replies
  • 7991 views

Description


This article describes the SD-WAN monitor feature and how to troubleshoot the issues related to them.

 

Scope

 

FortiManager.

Solution


After the configuration of the SD-WAN template, the units added in the template can be monitored by Device Manager -> SD-WAN -> Monitor.

 
 
  • The data can be monitored in 2 ways: 'Map View' and 'Table View'.
 
map_view.png
 
JeanPhilippe_P_0-1706092488422.png

 

  • By default, the historical data is disabled. By enabling 'sdwan-monitor-history', historical data of the last 8 days can be fetched.

 

config system admin setting
    set sdwan-monitor-history enable
end

 

Note:

This setting should be kept disabled if it is affecting CPU performance.

 

  • Another solution worth attempting is to reduce the amount of history to a smaller value. A smaller database should generally improve performance, but not sure how much gain this would make.


    config system admin-settings
        set rtm-max-monitor-by-days <value>
    end

 

Troubleshooting:

  • For issues in the Map view visibility, or reported "Internal Server Error" on the page,  first verify if it is possible to reach the map server:


SD_wan_Monitor_error.png

 

diagnose system mapserver test

execute ping mapserver.fortinet.com

 

Example output:

 

* Host mapserver.fortinet.com:443 was resolved.
* IPv6: (none)
* IPv4: 208.91.114.183
* Trying 208.91.114.183:443...
* Connected to mapserver.fortinet.com (208.91.114.183) port 443
<...>
* Connection #0 to host mapserver.fortinet.com left intact
Test download pkginfo.json successful

If the map server is not reachable, ensure the DNS is resolving the domain and the port is open and allowed.

 

  • Make sure that in the FortiGate, the following settings are configured:
  1. From the FortiGate CLI:

 

Performance SLA logs are generated at a specific time period as defined by the following commands:

config system virtual-wan-link
    config health-check
        edit <name>
            set sla-fail-log-period 30
            set sla-pass-log-period 60
        next
    end
end

Also, verify whether the monitored interface is set with the role of WAN. Go to Network -> Interfaces -> Edit -> Role -> WAN and select 'Apply'.

 

  1. FortiManager Debug Chrome and CLI: FortiManager/FortiAnalyzer Debugger 5.0.

 

config system dm
    set fgfm-sock-timeout 90
    set fgfm_keepalive_itvl 30
end

 

Then restart the FGFM tunnel:

 

diagnose sys process killall fgfm

 

FortiManager Debug:

 

diagnose debug reset

diagnose debug service sys 255

diagnose debug en

 

Refresh the problematic SD-WAN page.

 

diagnose debug disable

 

Clear mapserver cache:

 

diagnose system mapserver clearcache  <----- Introduce latest firmware v7.6.

 

Related articles:

Technical Tip: FortiView Secure SD-WAN Monitor

Technical Tip: New Logic of SD-WAN templates

Troubleshooting Tip: 0 bps value for the Upload/Download bandwidth value under the Upload and Download column in SD-WAN Monitor

Troubleshooting Tip: Map view error

    Terms & ConditionsAccessibility statement