Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Adryan_you
Staff
Staff

Created on ‎12-28-2022 11:19 PM Edited on ‎04-17-2024 10:17 PM By Community Manager

Article Id 241359

Technical Tip: Automation Stitch to shutdown wan interface if SLA fails

 

Description This article describes how to use an automation stitch to shut down the WAN interface if SLA fails.
Scope FortiGate.
Solution

In this setup, port1 is the WAN interface. 

  1.  Create Automation Action. Use CLI script to shut and unshut port1.

 

Adryan_you_1-1672280589961.png

 

Adryan_you_3-1672280686172.png

 

Adryan_you_4-1672280732068.png

 

  1. Create 2 separate Automation trigger, like that, when the SLA fail/success, the port1 is brought down/up.

 

Note.

Both triggers have the same config.

 

Adryan_you_5-1672280876760.png

 

Adryan_you_6-1672280958513.png

 

Adryan_you_7-1672281020649.png

 

  1. Create Automation Stitch. When port1 SLA fails, port1 will be brought down. When port1 SLA is successful, then it will be brought up automatically.

 

Adryan_you_8-1672281144132.png

 

Adryan_you_9-1672281257376.png

 

 

Adryan_you_10-1672281314644.png

 

  1. Test Result.
  • port1 SLA failed. port1 shutdown automatically.

 

Adryan_you_11-1672283291076.png

 

date=2022-12-29 time=10:51:33 eventtime=1672282293501050307 tz="+0800" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="SLA8888FGT1" interface="port1" probeproto="ping" newvalue="dead" msg="SD-WAN health-check member initial state."

 

date=2022-12-29 time=10:51:34 eventtime=1672282294142945722 tz="+0800" logid="0100020099" type="event" subtype="system" level="warning" vd="root" logdesc="Interface status changed" action="interface-stat-change" status="DOWN" msg="Link monitor: Interface port1 was turned down"

 

  • port1 SLA recover. port1 is brought up automatically.

 

Adryan_you_12-1672284142675.png

 

date=2022-12-29 time=11:14:23 eventtime=1672283663466101195 tz="+0800" logid="0113022933" type="event" subtype="sdwan" level="notice" vd="root" logdesc="SDWAN SLA notification" eventtype="Health Check" healthcheck="SLA8888FGT1" interface="port1" probeproto="ping" oldvalue="dead" newvalue="alive" msg="SD-WAN health-check member changed state."

 

date=2022-12-29 time=11:14:21 eventtime=1672283661153971871 tz="+0800" logid="0100020099" type="event" subtype="system" level="warning" vd="root" logdesc="Interface status changed" action="interface-stat-change" status="UP" msg="Link monitor: Interface port1 was turned up"
4450
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.