Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hst1
Staff
Staff

Created on ‎06-08-2025 10:56 PM

Article Id 395380

Technical Tip: Behavior of SD-WAN performance SLA pass-fail logs

Description This article describes the behavior of SD-WAN performance SLA logs.
Scope FortiGate v7.2.3 and onwards.
Solution

Before v7.2.3, FortiGate by default generates SD-WAN pass and fail logs along with the packet loss, jitter, and latency information once the target SLA is enabled; however, starting from v7.2.3 onwards target SLA is not needed to send the real-time SD-WAN logs to the syslog server or FortiAnalyzer.

 

To configure the SD-WAN performance target SLA as per the screenshot below, the logs have to be forwarded to the syslog server or FortiAnalyzer.

 

Screenshot 2025-06-08 111942.png

 

The SD-WAN logs get generated at the interval of time that is specified in the performance SLA configuration.

 

To configure the pass-fail log time interval via CLI in the SD-WAN configuration: 

 

config system SDWAN 

    config health check.

        edit "Test Server"

            set sla-fail-log-period 30           <----- Fail log interval.
            set sla-pass-log-period 30           <----- Pass log interval.

        next
    end

 

SD-WAN pass logs:

 

date=2025-06-06 time=21:23:27 eventtime=1749245007370203780 logid="0113022925" type="event" subtype="sdwan" level="information" vd="root" logdesc="SDWAN SLA information" eventtype="SLA" healthcheck="Test Server" interface="port1" status="up" latency="2.674" jitter="0.021" packetloss="0.000" moscodec="g711" mosvalue="4.403" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" inbandwidthused="0kbps" outbandwidthused="43kbps" bibandwidthused="43kbps" slamap="0x0" msg="Health Check SLA status."

 

 

SD-WAN fail logs: 

 

date=2025-06-06 time=21:23:27 eventtime=1749245007370203813 logid="0113022933" type="event" subtype="sdwan" level="information" vd="root" logdesc="SDWAN SLA information" eventtype="SLA" healthcheck="Test Server" interface="port3" status="down" latency="0.00" jitter="0.000" packetloss="100.000" moscodec="g711" mosvalue="0.000" inbandwidthavailable="10.00Gbps" outbandwidthavailable="10.00Gbps" bibandwidthavailable="20.00Gbps" inbandwidthused="0kbps" outbandwidthused="43kbps" bibandwidthused="43kbps" slamap="0x0" msg="Health Check SLA status. SLA failed due to being over the performance metric threshold."
202
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.