Created on
03-29-2022
10:50 PM
Edited on
11-18-2022
05:37 AM
By
mdeparisse_FTNT
Description
This article describes the configuration needed to display data in FortiAnalyzer secure SD-WAN monitor.
Solution
1) No Device Selected message will prompt if FortiAnalyzer does not receive the necessary SD-WAN logs.
2) In order to display data in secure SD-WAN monitor, the following requirements need to be fulfill.
3) SD-WAN rule needs to have a specify source address together with protocol number / internet service / application.
4) SLA logging needs to be enable on FortiGate health check and apply to SD-WAN Rules.
Sample configuration in FortiOS 6.4:
# config system sdwan
# config health-check
edit "ping"
set sla-fail-log-period 30
set sla-pass-log-period 60
next
end
end
5) SD-WAN interface members should have configured with 'WAN' role and 'Estimated bandwidth'.
6) Firewall policy with SDWAN interface needs to log all sessions.
7) Ensure that traffic is passing through SD-WAN rules. Verify from FortiGate SD-WAN rules hit count.
8 ) Ensure that FortiAnalyzer receiving health check sla status log in Logview -> Event -> SD-WAN.
9) Once FortiAnalyzer receive the logs, Secure SD-WAN monitor will prompt the device list with data present in each widgets.
Related article:
Troubleshooting Tip: Troubleshooting the FortiManager SD-WAN monitor
Heck yes. I've been looking for this. Thank you!
I was really disappointed when the FAZ gave me no options for devices. This solution makes perfect sense, I just wished it was called out more clearly in the docs for FAZ.
Invaluable info, thanks. This really should be spelled out in part of the mainline documentation for FortiOS and/or FAZ.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.