FortiGate
rvijayaraj
Staff
Article Id 423931
Description: This article describes how to use and troubleshoot the FortiGuard-based SLA database for performance SLA used in SD-WAN.
Scope: FortiGate v7.6+.
Solution

A newly available FortiGuard-based SLA database includes popular SaaS and internet-based destinations, along with recommended settings that can be used as probe servers for SD-WAN Performance SLA configurations.

A valid SD-WAN Network Monitor (SWNM) entitlement is required on the FortiGate to download or update the FortiGuard SLA Database.

In the example below, Yahoo from the FortiGuard SLA database is used as the target in the SD-WAN Performance SLA.

  1. Interface configuration:

config system interface
    edit "port3"
        set vdom "root"
        set ip 100.1.1.1 255.255.255.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set snmp-index 3
    next
    edit "port4"
        set vdom "root"
        set ip 200.1.1.1 255.255.255.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set snmp-index 4
    next
end

  2. SD-WAN configuration:

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port3"
            set gateway 100.1.1.2
        next
        edit 2
            set interface "port4"
            set gateway 200.1.1.2
        next
    end
    config health-check
        edit "Default_DNS"
            set system-dns enable
            set interval 1000
            set probe-timeout 1000
            set recoverytime 10
            config sla
                edit 1
                    set link-cost-factor latency jitter packet-loss
                    set latency-threshold 250
                    set jitter-threshold 50
                    set packetloss-threshold 5
                next
            end
        next
    end
end

  3. To view the predefined targets set by FortiGuard:

ion-kvm89 # diagnose sladb domain-list Yahoo
domain-name:www.yahoo.com
desc:Yahoo homepage and search engine
deprecated:0
sz_protocol:2

  4. To list the protocols used by the predefined targets:

ion-kvm89 # diagnose sladb protocol-list Yahoo www.yahoo.com
target-name:Yahoo
domain-name:www.yahoo.com

        protocol: ping
        protocol: https

  5. To list the predefined SLA targets:

ion-kvm89 # diagnose sladb target-list

target-name:Yahoo
deprecated:0
sz_domain:1

  6. To view the status of the SLA:

ion-kvm89 # diagnose sys sdwan health-check
Health Check(healthcheck_test):
Seq(1 port3): state(alive), packet-loss(0.000%), latency(2.938), jitter(0.034), mos(4.403), custom_profile(0.000), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998), sla_map=0x1
Seq(2 port4): state(alive), packet-loss(0.000%), latency(2.876), jitter(0.036), mos(4.403), custom_profile(0.000), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998), sla_map=0x1

  7. To view the ping packets sent via the FortiGate for SLA monitoring:

ion-kvm89 # diagnose sniffer packet any " host 188.125.88.206 " 4 0 l
Using Original Sniffing Mode
interfaces=[any]
filters=[ host 188.125.88.206 ]
2025-12-19 04:36:25.050568 port3 out 100.1.1.1 -> 188.125.88.206: icmp: echo request
2025-12-19 04:36:25.053523 port3 in 188.125.88.206 -> 100.1.1.1: icmp: echo reply
2025-12-19 04:36:25.544291 port3 out 100.1.1.1 -> 188.125.88.206: icmp: echo request
2025-12-19 04:36:25.547199 port3 in 188.125.88.206 -> 100.1.1.1: icmp: echo reply
2025-12-19 04:36:26.051205 port3 out 100.1.1.1 -> 188.125.88.206: icmp: echo request
2025-12-19 04:36:26.054102 port3 in 188.125.88.206 -> 100.1.1.1: icmp: echo reply

  8. To view the kernel route created by the FortiGate for the targeted server:

ion-kvm89 # get router info kernel | grep 188.125.88.206
tab=65534 vf=0 vrf=0 scope=0 type=1 proto=18 prio=0 100.1.1.1/255.255.255.255/0->188.125.88.206/32 pref=0.0.0.0 gwy=100.1.1.2 dev=5(port3)
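
For monitoring, the `diagnose sys sdwan health-check` output shown above can be parsed and checked against the latency, jitter and packet-loss thresholds from the SLA configuration. The Python below is an added example, not part of the original article or any Fortinet tooling. The port4 and port5 sample lines are constructed, and reading `sla_map` as a per-SLA bitmask is an assumption.

```python
import re

# Thresholds from the page's "config sla" block; assumed to apply to this check.
SLA = {"latency": 250.0, "jitter": 50.0, "packet-loss": 5.0}

# Header and port3 line are from the page; the port4 and port5 lines are
# constructed to show a degraded and a dead member.
SAMPLE = """\
Health Check(healthcheck_test):
Seq(1 port3): state(alive), packet-loss(0.000%), latency(2.938), jitter(0.034), mos(4.403), custom_profile(0.000), bandwidth-up(9999999), bandwidth-dw(9999999), bandwidth-bi(19999998), sla_map=0x1
Seq(2 port4): state(alive), packet-loss(7.500%), latency(310.120), jitter(12.400), mos(3.100), sla_map=0x0
Seq(3 port5): state(dead), packet-loss(100.000%) sla_map=0x0
"""

HEAD_RE = re.compile(r"Health Check\((.+)\):")
SEQ_RE = re.compile(r"Seq\((\d+) (\S+)\): state\((\w+)\)")
FIELD_RE = re.compile(r"([\w-]+)\(([\d.]+)%?\)")   # name(number) or name(number%)
MAP_RE = re.compile(r"sla_map=0x([0-9a-fA-F]+)")

def parse_health_check(text):
    """Return {health-check name: [member dict, ...]} from the CLI output."""
    checks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head, seq = HEAD_RE.match(line), SEQ_RE.match(line)
        if head:
            current = checks.setdefault(head.group(1), [])
        elif seq and current is not None:
            sla_map = MAP_RE.search(line)
            current.append({
                "intf": seq.group(2), "state": seq.group(3),
                "metrics": {k: float(v) for k, v in FIELD_RE.findall(line)},
                "sla_map": int(sla_map.group(1), 16) if sla_map else 0})
    return checks

def evaluate(member, sla_id=1):
    """Reasons a member fails SLA sla_id; an empty list means it passes."""
    if member["state"] != "alive":
        return ["state=" + member["state"]]
    reasons = [f"{k} {v} > {SLA[k]}" for k, v in member["metrics"].items()
               if k in SLA and v > SLA[k]]
    # Assumption: bit (sla_id - 1) of sla_map is set when the SLA is met.
    if not reasons and not (member["sla_map"] >> (sla_id - 1)) & 1:
        reasons.append("sla_map bit clear")
    return reasons

def failing_members(text):
    """Map (health check, interface) to failure reasons, failing members only."""
    return {(name, m["intf"]): evaluate(m)
            for name, ms in parse_health_check(text).items() for m in ms if evaluate(m)}
```

Calling `failing_members()` on captured CLI output returns only the members that need attention; an empty result means every member is alive and within the thresholds.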