Description |
This article describes how to prevent the ADVPN shortcut SLA from being considered as the preferred link in SD-WAN, such as in cases when 'Best quality' is used. |
Scope | FortiOS 6.4.4+. |
Solution |
In an SD-WAN setup with ADVPN, there are scenarios using 'Best quality' in the GUI ('priority' mode in the CLI) where the intention is for traffic to use the best link selected from the parent tunnels' SLA only for the quality criteria. By default, SD-WAN also considers the SLA on shortcuts, which means that if the shortcut has the best quality criteria, it will always be selected, and traffic matching the service (known as an SD-WAN rule in the GUI) will be sent out the shortcut interface.
This is an example configuration for the scenario:
config system sdwan
    config service
        edit 1
            set mode priority <- Known as 'Best quality' in the GUI.
            set dst "name of firewall address for the destination"
            set src "name of firewall address for the source"
            set link-cost-factor latency <- Known as 'Quality criteria' in the GUI. Latency is the default.
            set health-check "name of Performance SLAs"
            set priority-members "Interface member IDs for the SD-WAN Rule"
        next
    end
end
To prevent the shortcut SLA from being considered, disable 'use-shortcut-sla' in the specific SD-WAN service by using the following command:
config system sdwan
    config service
        edit 1
            set use-shortcut-sla disable <= This is enabled by default. Set it to disable to prevent the shortcut SLA from being considered.
        next
    end
end
To verify whether the shortcut SLA is still being used, run the command below:
diag sys sdwan service4 1
What it looks like when it is enabled:
What it looks like when it is disabled:
Note: Disabling use-shortcut-sla does not disable the SLA itself, which means the shortcut SLA will still be listed in the output. However, it will not be considered as 'best quality'. |
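An added example, not part of the original article or any Fortinet tooling: a Python check that reads a saved configuration and lists the 'Best quality' (mode priority) rules where use-shortcut-sla has not been disabled. It assumes the backup omits settings left at their defaults; the sample configuration and the function names are constructed for illustration.

```python
# Constructed sample in the style of a FortiOS configuration backup.
# Assumption: a backup lists only non-default settings, so a rule without
# "set use-shortcut-sla disable" still has the default value (enable).
SAMPLE_CONFIG = '''\
config system sdwan
    config service
        edit 1
            set mode priority
            set link-cost-factor latency
            set priority-members 1 2
        next
        edit 2
            set mode priority
            set use-shortcut-sla disable
            set priority-members 1 2
        next
        edit 3
            set mode sla
            set priority-members 1 2
        next
    end
end
'''

def sdwan_services(config_text):
    """Return {rule_id: {option: value}} for 'config service' under 'config system sdwan'."""
    services, path, current = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            path.append(line[len("config "):])      # track nesting depth
        elif line == "end" and path:
            path.pop()
        elif path == ["system sdwan", "service"]:   # ignore deeper sub-tables
            if line.startswith("edit "):
                current = services.setdefault(line.split(None, 1)[1].strip('"'), {})
            elif line == "next":
                current = None
            elif line.startswith("set ") and current is not None:
                _, option, *rest = line.split(None, 2)
                current[option] = rest[0] if rest else ""
    return services

def rules_using_shortcut_sla(config_text):
    """IDs of mode-priority rules that still consider the shortcut SLA."""
    return [rule_id for rule_id, opts in sdwan_services(config_text).items()
            if opts.get("mode") == "priority"
            and opts.get("use-shortcut-sla", "enable") != "disable"]
```

On the constructed sample, only rule 1 is reported: rule 2 has the setting disabled and rule 3 is not in priority mode.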
Copyright 2024 Fortinet, Inc. All Rights Reserved.