As a first step, note that 'update-cascade-interface' cannot function independently: it works together with 'fail-detect', which must be configured under 'config system sdwan'.
# config system sdwan
    set status enable
    set fail-detect enable                  <-----
    set fail-alert-interfaces "port3"       <-----
    config zone
        edit "INTERNET"
        next
    end
    config members
        edit 3
            set interface "port7"
            set zone "INTERNET"
        next
        edit 4
            set interface "port1"
            set zone "INTERNET"
            set gateway 10.5.31.254
            set source 10.5.25.63
        next
    end
    config health-check
        edit "GOOGLE_DNS"
            set server "8.8.8.8"
            set update-cascade-interface enable     <----- By default it will be enabled.
            set members 4 3
        next
    end
    config service
        edit 2
            set name "INTERNET"
            set dst "all"
            set src "all"
            set priority-members 3 4
        next
    end
end
In the above example, when the health check for port1 and port7 fails, i.e. when the configured 'server' of GOOGLE_DNS (8.8.8.8) cannot be reached, the port3 interface is brought down, as defined in 'fail-alert-interfaces'.
This is shown in this output:
The status shows alive:
# diagnose sys sdwan health-check

SPOKE3 # diagnose sys sdwan health-check
Health Check(GOOGLE_DNS):
Seq(4 port1): state(alive), packet-loss(0.000%) latency(17.164), jitter(0.032), mos(4.396), bandwidth-up(9999999), bandwidth-dw(9999934), bandwidth-bi(19999933) sla_map=0x0
Seq(3 port7): state(alive), packet-loss(0.000%) latency(17.486), jitter(0.081), mos(4.396), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998) sla_map=0x0
The port3 interface also shows as up:

SPOKE3 # diagnose hardware deviceinfo nic port3
Name: port3
State: up
Link: up
Health-check failure:
SPOKE3 # diagnose sys sdwan health-check filter name GOOGLE_DNS
SPOKE3 # diagnose sys sdwan health-check status
Health Check(GOOGLE_DNS):
Seq(4 port1): state(dead), packet-loss(18.000%) sla_map=0x0
Seq(3 port7): state(dead), packet-loss(9.000%) sla_map=0x0
The port3 interface is taken down as well:

SPOKE3 # diagnose hardware deviceinfo nic port3
Name: port3
State: down
Link: down
Note: This can also be verified in the GUI under Log & Report -> Events -> SD-WAN Events.
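The same verification can be automated. The Python script below is an added example, not part of the original article or of any Fortinet tooling: it parses saved text of the two diagnose outputs shown above and flags a mismatch between the health-check state and the fail-alert interface state. The function names are hypothetical, and the rule that the cascade fires when all members are dead is an assumption taken from the article's example.

```python
import re

# One member line, e.g. "Seq(4 port1): state(dead), packet-loss(18.000%) sla_map=0x0"
MEMBER_RE = re.compile(r"Seq\((\d+)\s+(\S+)\):\s*state\((\w+)\),\s*packet-loss\(([\d.]+)%\)")
HEADER_RE = re.compile(r"Health Check\(([^)]+)\):")
NIC_STATE_RE = re.compile(r"^\s*State:\s*(\w+)", re.MULTILINE)

def parse_health_check(text):
    """Return {health_check_name: [member dicts]} from the diagnose output."""
    checks, current = {}, None
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            current = checks.setdefault(header.group(1), [])
        member = MEMBER_RE.search(line)
        if member and current is not None:
            seq, intf, state, loss = member.groups()
            current.append({"seq": int(seq), "interface": intf,
                            "state": state, "loss": float(loss)})
    return checks

def cascade_expected(members):
    # Assumption taken from the article's example: the fail-alert interface
    # is brought down when every member of the health check is dead.
    return bool(members) and all(m["state"] == "dead" for m in members)

def audit(health_text, nic_text, check_name):
    """Compare the expected fail-alert interface state with the NIC state."""
    members = parse_health_check(health_text).get(check_name, [])
    nic = NIC_STATE_RE.search(nic_text)
    observed = nic.group(1) if nic else "unknown"
    expected = "down" if cascade_expected(members) else "up"
    return {"expected": expected, "observed": observed,
            "consistent": expected == observed}

# Sample text copied from the outputs in the article (alive lines shortened).
ALIVE = """Health Check(GOOGLE_DNS):
Seq(4 port1): state(alive), packet-loss(0.000%) latency(17.164), jitter(0.032)
Seq(3 port7): state(alive), packet-loss(0.000%) latency(17.486), jitter(0.081)"""
DEAD = """Health Check(GOOGLE_DNS):
Seq(4 port1): state(dead), packet-loss(18.000%) sla_map=0x0
Seq(3 port7): state(dead), packet-loss(9.000%) sla_map=0x0"""
NIC_UP = "Name: port3\nState: up\nLink: up"
NIC_DOWN = "Name: port3\nState: down\nLink: down"

if __name__ == "__main__":
    print(audit(ALIVE, NIC_UP, "GOOGLE_DNS"))
    print(audit(DEAD, NIC_DOWN, "GOOGLE_DNS"))
    print(audit(DEAD, NIC_UP, "GOOGLE_DNS"))  # mismatch worth alerting on
```

An inconsistent result (members dead but port3 still up) indicates that 'fail-detect' or 'fail-alert-interfaces' is not configured as intended.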
Related document: https://docs.fortinet.com/document/fortigate/7.0.0/cli-reference/93620/config-system-sdwan