Created on 09-27-2019 02:55 AM
Edited on 03-17-2023 03:25 AM
By Jean-Philippe_P
Description
This article describes how to configure a source IP address for the Secure SD-WAN Performance SLA feature.
For regular SD-WAN members which have an IP address configured, such as WAN interfaces, FortiOS will perform Performance SLA checking by using the interface’s IP address.
However, in Secure SD-WAN, some VPN interfaces either have no IP address configured, or have an IP address configured that is not allowed in the IPsec Phase2 selector. In both cases, FortiOS will encounter an issue when performing SD-WAN Performance SLA checking for these VPN interfaces.
Solution
By default, a VPN interface created in FortiOS does not have an IP address.
If the VPN interface is then added as a Secure SD-WAN member and a Performance SLA is configured to check the VPN tunnel status, the Performance SLA entry status for the VPN interface is 'down'.
Note: Starting from FortiOS 6.4.1, 'config system virtual-wan-link' is replaced with 'config system sdwan'.
To resolve this, configure a source IP address on the SD-WAN member for the VPN interface:
# config system sdwan
    config members
        edit <ID>    <<<< VPN interface member ID
            set source <IP address>    <<<< Interface IP that is allowed in IPsec Phase2 and policy
        next
    end
end
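The following audit script is an added example, not part of the original article or Fortinet tooling. It reads a FortiOS configuration and flags SD-WAN members on IPsec interfaces whose 'set source' is unset or falls outside the Phase2 'src-subnet'. The sample configuration, interface names and addresses are constructed, the parser is simplified, and it assumes tunnel interfaces have no IP of their own (the default described above).

```python
# Constructed sample configuration (names and addresses are assumptions).
SAMPLE = """config vpn ipsec phase2-interface
    edit "p2-hub"
        set phase1name "vpn-hub"
        set src-subnet 10.10.10.0 255.255.255.0
    next
    edit "p2-dc"
        set phase1name "vpn-dc"
        set src-subnet 10.20.20.0 255.255.255.0
    next
end
config system sdwan
    config members
        edit 1
            set interface "vpn-hub"
            set source 10.10.10.1
        next
        edit 2
            set interface "vpn-dc"
            set source 192.168.1.1
        next
    end
end
"""
import ipaddress
import re

def entries(text, section):
    """Return one {option: [values]} dict per 'edit' entry of a 'config <section>' block."""
    block = re.search(rf"config {section}\n(.*?)\n\s*end", text, re.S)
    edits = re.findall(r"edit \S+\n(.*?)\n\s*next", block.group(1), re.S) if block else []
    return [{k: v.replace('"', "").split() for k, v in re.findall(r"set (\S+) (.+)", e)} for e in edits]

def audit(text):
    """Return (interface, source, reason) for VPN members whose SLA probe source fails the check."""
    selectors = {}  # phase1 (tunnel interface) name -> allowed source networks
    for p2 in entries(text, "vpn ipsec phase2-interface"):
        net = ipaddress.ip_network("/".join(p2.get("src-subnet", ["0.0.0.0", "0.0.0.0"])))
        selectors.setdefault(p2["phase1name"][0], []).append(net)
    findings = []
    for m in entries(text, "members"):
        iface, src = m["interface"][0], m.get("source", ["0.0.0.0"])[0]
        if iface not in selectors:
            continue  # not an IPsec tunnel interface, so the interface IP is used
        if src == "0.0.0.0":
            findings.append((iface, src, "no source set"))
        elif not any(ipaddress.ip_address(src) in n for n in selectors[iface]):
            findings.append((iface, src, "outside phase2 src-subnet"))
    return findings
```

Calling audit(SAMPLE) reports member "vpn-dc", because its source 192.168.1.1 is not inside the selector 10.20.20.0/24.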