FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ighita
Staff
Staff

Description


This article describes how to configure the health check for SD-WAN links with high latency.

Solution


With the default settings, the performance SLA will show a link with latency higher than 500 ms as down:



 
# diagnose sys sdwan health-check
Health Check:
Seq(1 port1): state(dead), packet-loss(100.000%) sla_map=0x0
By default, the probe-timeout has the value of 500 ms, therefore if the link has a higher latency the probe will fail.

The solution is to increase the probe-timeout from CLI.

FortiOS 6.2.

# config system virtual-wan-link
# config health-check

    edit <name>
        set probe-timeout 2000
FortiOS 6.4, 7.0 and 7.2.
# conf system sdwan
# config health-check

    edit <name>
        set probe-timeout 2000   
        set probe-timeout   <----- Time to wait before a probe packet is considered lost (500 - 3600000 msec, default = 500).
Result.
# diagnose sys sdwan health-check
Health Check
Seq(1 port1): state(alive), packet-loss(0.000%) latency(941.158), jitter(27.486) sla_map=0x0


Contributors