Technical Tip: SD-WAN performance SLA health check with HTTPS protocol

Configuring HTTPS protocol in SD-WAN performance SLA uses HTTP-GET to test the link with the server.

All default HTTP-based health checks are updated to use HTTPS instead of version 7.4.1.

This includes:

• Default_AWS.
• Default_FortiGuard.
• Default_Google Search.
• Default_Office_365.

CLI Example (Output contains only important information):

sh full-configuration system sdwan

    config system sdwan
        set status enable

            config health-check

                edit "Default_Google Search"
                    set server "www.google.com"
                    set protocol https  -------> Default.
                    set interval 1000
                    set probe-timeout 1000
                    set recoverytime 10
                    set update-static-route disable
                        config sla
                            edit 1
                            next
                        end

end

When creating a new performance SLA the most commonly used protocols (ping, HTTP, and DNS) can be configured in the GUI  (Network -> SD-WAN -> Performance SLAs -> Create New).

However, the protocol HTTPS can be configured through CLI.

CLI Example (Output contains only important information):

config system sdwan

    config health-check
        edit "Facebook"
            set server "facebook.com"

            set protocol ping -------> Default for new performance SLA.
            set members 1 2
                config sla
                    edit 1
                    next
                end
        next
end

To configure HTTPS protocol:

config system sdwan

    config health-check

        edit "Facebook"

            set protocol https <-----------
        next

        end
end

The same can be verified from the GUI: