FortiGate
nathan_h
Staff
Article Id 326797
Description

 

This article describes how to add an SLA target to an existing health check and then use that SLA target in another SD-WAN rule.

 

Scope

 

FortiGate v7.0, v7.2, v7.4.

 

Solution

 

SD-WAN Performance SLA:

 

[Screenshot: 2024-07-18 13 28 35.png]

 

SD-WAN Rule:

 

[Screenshot: 2024-07-18 13 29 47.png]

 

CLI Configuration:

 

config system sdwan
    set status enable
    config zone
        edit "sdwan-dc100"
        next
    end
    config members
        edit 101
            set interface "advpn101"
            set zone "sdwan-dc100"
            set source 10.136.32.16
        next
        edit 102
            set interface "advpn102"
            set zone "sdwan-dc100"
            set source 10.136.32.16
        next
        edit 104
            set interface "advpn104"
            set zone "sdwan-dc100"
        next
    end
    config health-check
        edit "SLA_DC100"
            set server "10.136.64.1"
            set embed-measured-health enable
            set members 101 102
            config sla
                edit 1
                    set latency-threshold 55
                    set jitter-threshold 20
                    set packetloss-threshold 1
                next
            end
        next
    end
    config service
        edit 2
            set name "SLA2"
            set mode sla
            set dst "192.168.2.22"
            set src "192.168.1.11"
            config sla
                edit "SLA_DC100"
                    set id 1
                next
            end
            set priority-zone "sdwan-dc100"
        next
        edit 1
            set name "Original"
            set mode sla
            set dst "Corporate_subnets"
            set src "Corporate_subnets"
            config sla
                edit "SLA_DC100"
                    set id 1
                next
            end
            set priority-zone "sdwan-dc100"
        next
    end
end

 

 

 

  1. Add an SLA target to the health check SLA_DC100 via the CLI:

 

FGT-SDW-1 (health-check) # edit SLA_DC100
FGT-SDW-1 (SLA_DC100) # config sla
FGT-SDW-1 (sla) # edit 2
new entry '2' added
FGT-SDW-1 (2) # set latency-threshold 100
FGT-SDW-1 (2) # set jitter-threshold 30
FGT-SDW-1 (2) # set packetloss-threshold 5
FGT-SDW-1 (2) # end
FGT-SDW-1 (SLA_DC100) # end
FGT-SDW-1 (sdwan) # end

 

  2. The GUI will show the second SLA target:

 

[Screenshot: 2024-07-18 14 21 02.png]

  3. The new SLA target can now be used on another SD-WAN policy.
 

[Screenshot: 2024-07-18 14 22 45.png]

[Screenshot: 2024-07-18 14 23 17.png]
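The link between the two places an SLA target appears (the `config sla` entry under the health check and the `set id` under the rule) can be checked offline against a config backup or template. The following is an added example, not part of the original article or Fortinet's tooling; rule 3, the function names and the sample text are assumptions constructed for illustration.

```python
import shlex

# Constructed sample modelled on the article's config. Rule 3 is hypothetical;
# {new_target} is where the article's step 1 adds SLA target 2.
TEMPLATE = """
config system sdwan
    config health-check
        edit "SLA_DC100"
            config sla
                edit 1
                next
                {new_target}
            end
        next
    end
    config service
        edit 3
            config sla
                edit "SLA_DC100"
                    set id 2
                next
            end
        next
    end
end
"""
BEFORE = TEMPLATE.format(new_target="")
AFTER = TEMPLATE.format(new_target="edit 2\nset latency-threshold 100\nnext")

def parse(text):
    """Parse FortiOS config text into nested dicts keyed by config/edit name."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):    # open a nested block
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] in ("next", "end"):     # close the current block
            stack.pop()
        elif tok[0] == "set":               # store the setting's values
            stack[-1][tok[1]] = tok[2:]
    return stack[0]

def dangling_sla_refs(text):
    """List (rule, health-check, id) for rule SLA references with no matching target."""
    sdwan = parse(text).get("system sdwan", {})
    targets = {hc: set(v.get("sla", {})) for hc, v in sdwan.get("health-check", {}).items()}
    return [(rule, hc, ref.get("id", ["?"])[0])
            for rule, body in sdwan.get("service", {}).items()
            for hc, ref in body.get("sla", {}).items()
            if ref.get("id", ["?"])[0] not in targets.get(hc, set())]
```

`dangling_sla_refs(BEFORE)` reports rule 3 because SLA_DC100 has only target 1 at that point; with target 2 added (`AFTER`) the list is empty.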

 

Related document:

SD-WAN Performance SLA with Multiple Servers