FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 254537
Description This article describes how the forward traffic logs page can be used to identify how sessions are distributed in SD-WAN, as well as the reasons why.
Scope FortiGate 7.0 and above.

While the Forward Traffic Logs page is not specific to the SD-WAN feature, analyzing these columns in the Forward Traffic Log can still be useful in understanding how traffic is distributed in an SD-WAN environment. It is possible to identify how sessions are being forwarded between different SD-WAN paths, and potentially determine the reasons for any performance or connectivity issues.



The logs only show traffic passing through FortiGate and may not provide a complete SD-WAN view.


Enable SD-WAN columns to view SD-WAN-related information. Please refer to the reference screenshots below.

Log & Report -> Forward Traffic:






SD-WAN Internet Service:

This column shows the name of the internet service used for the traffic flow. In an SD-WAN environment, different internet services can be used to route traffic between different WAN links.


SD-WAN Quality:

This column shows the calculated quality of the SD-WAN path used for the traffic flow. This quality score is based on various metrics such as latency, packet loss, jitter, and bandwidth, and is used by FortiGate to select the best path for the traffic.



This column shows the ID of the SD-WAN rule that is being applied to the traffic flow. SD-WAN rules are used to define how traffic is routed across different WAN links based on criteria such as source/destination addresses, applications, and QoS settings.


SD-WAN Rule Name:

This column shows the name of the SD-WAN rule that is being applied to the traffic flow. This is a user-defined name that helps to identify the rule and its purpose.


Related video: