Description
This article describes how to implement a performance SLA on an IPsec tunnel using a loopback interface on the other end of the tunnel.
Use this approach when multiple IPsec tunnels are present for redundancy, to get the most out of the SD-WAN performance SLA feature and make sure that FortiGate always uses the IPsec tunnel that is in its best state.
Solution
Diagram.

- Create the IPsec site-to-site tunnel.
Site A.

Site B.

- Set the IPsec tunnel interface IP address. This will serve as the gateway later when the IPsec tunnel is set on the SD-WAN.
Site A.

Site B.

- Set the IPsec interface on the SD-WAN config.
Site A.

Site B.

- Configure IPv4 policy for the IPsec traffic.
Site A.

Site B.

- Set a performance SLA for the SD-WAN to monitor the IPsec tunnel status (latency, jitter, packet loss).

Troubleshooting.
Go to Network -> Performance SLA to see the status of the performance SLA that is configured.
