FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ighita
Staff
Staff
Article Id 189824

Description


This article describes how to configure the health check for SD-WAN links with high latency.

 

Scope

 

FortiGate.

Solution


With the default settings, the performance SLA will show a link with latency higher than 500 ms as down:


diagnose sys sdwan health-check
Health Check:
Seq(1 port1): state(dead), packet-loss(100.000%) sla_map=0x0
 
If no probe-timeout is specified, the timeout delay is the intervaldelay.
The solution is to increase the probe-timeout from CLI. This setting must be configured when it is expected for the network delay to be legitimately higher than the probing interval ( for example the probing interval of 500 ms on a 4G link with network delay >500 ms).

V6.2.
 
config system virtual-wan-link
    config health-check

        edit <name>
            set probe-timeout 2000
 
V6.4, v7.0, v7.2, v7.4 and v7.6:
 
conf system sdwan
    config health-check

        edit <name>
            set probe-timeout 2000   
            set probe-timeout   <----- Time to wait before a probe packet is considered lost (500 - 3600000 msec, default = 500 if set probe-timeout is not specified, if not then the probe-timeout is equal to the interval value).
 
Result.
 
diagnose sys sdwan health-check
Health Check
Seq(1 port1): state(alive), packet-loss(0.000%) latency(941.158), jitter(27.486) sla_map=0x0