FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
heng
Staff
Staff
Description

This article describea how to tabulate the data in the Application Performance widget under FortiView -> Monitors -> Secure SD-WAN Monitor.

 

There are two widgets in the Secure SD-WAN Monitor that provides visibility for user application over the SD-WAN network which are:

 

1) Per-Application Performance.
2) Global-Application Performance.

 

fyheng_0-1668401860046.png

 

These datas allow for various application logging for SD-WAN health information which included latency, jitter, packet loss, and bandwidth. FortiGate side will have to send the SD-WAN event logs with Log ID: 0113022936 to have this widget tabulated.

 

fyheng_0-1668408714641.png
Scope FortiAnalyzer version 7.0 and above.
Solution

FortiGate side will need to have the following configuration settings in order to achieve this.

The following sample config highlighted in red is mandatory. Most of the config is via CLI only, few corresponding config GUI also being illustrated. 

 

The trade-off to have this data tabulated is to disable the firewall policy (the traffic offloading disabled) which disables the traffic acceleration feature on the FortiGate.

 

Note.

Interface selection strategy type 'Manual' will not support this type of event log, the supported are 'Best Quality', 'Lowest cost (SLA)', 'Maximize bandwidth (SLA)'.

 

CLI:

 

# config system sdwan
    config health-check
        edit 8.8.8.8
            set detect-mode passive
            set sla-fail-log-period <value>
            set sla-pass-log-period <value>
        next
    end


    # config service
        edit 1
            set mode priority  <----- #Best Quality.
            set internet-service enable
            set internet-service-name <applications>
            set health-check "8.8.8.8"
            set priority-members <interface ID>
            set passive-measurement enable
        next

        edit 2
            set mode sla <----- #Lowest cost (SLA).
            set internet-service enable
            set internet-service-name <applications>
            config sla
                edit "8.8.8.8"
                    set id <SLA ID>
                next
            end
            set priority-members <interface ID>
            set passive-measurement enable
        next

        edit 3
            set mode load-balance <----- #Maximize bandwidth (SLA).
            set internet-service enable
            set internet-service-name <applications>
            config sla
                edit "8.8.8.8"
                    set id <SLA ID>
                next
            end
            set priority-members <interface ID>
            set passive-measurement enable
         next
     end
end

 

# config firewall policy
    edit 1
        set passive-wan-health-measurement enable
        set utm-status enable
        set application-list "g-default"
        set auto-asic-offload disable
    next
end

 

GUI:

 

Set the detect mode to Passive. 

 

fyheng_0-1668402690317.png

 

Best Quality settings.

 

fyheng_2-1668402848664.png

 

Lowest cost (SLA) settings.

 

fyheng_0-1668402954995.png

 

Maximize bandwidth (SLA) settings.

 

fyheng_0-1668403980735.png

 

Related article:

Technical Tip: FortiView Secure SD-WAN Monitor