FortiGate
nalexiou
Staff
Article Id 223230
Description: This article describes the behavior of SD-WAN rules configured in manual mode when the performance SLA for the interface is failing.
Scope: FortiOS.
Solution

If all health checks indicate that an interface is dead, the SD-WAN rule that uses it is voided, even when the rule is in manual mode.


config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        edit 1
            set interface "port9"
            set gateway 10.109.31.254
        next
    end
    config health-check
        edit "sla"
            set server "1.1.1.1"
            set update-static-route disable
            set members 1
        next
    end
    config service
        edit 1
            set name "rule"
            set dst "8.8.8.8/32"
            set priority-members 1
        next
    end
end


When the SLA is failing, the interface is marked as dead.


FortiGate-1000D # di sys sdwan health-check
Health Check(sla):
Seq(1 port9): state(dead), packet-loss(45.000%) sla_map=0x0


The rule is disabled:


FortiGate-1000D # diagnose sys sdwan service

Service(1): Address Mode(IPV4) flags=0x200
Gen(2), TOS(0x0/0x0), Protocol(0: 1->65535), Mode(manual)
Service disabled caused by no outgoing path. <-----
Members(1):
1: Seq_num(1 port9), dead
Dst address(1):
8.8.8.8-8.8.8.8


To avoid this behavior when the configured SLA is also used by other rules, and to keep the manual rule matched, it is possible to configure an additional SLA on the same member that monitors a different server and therefore stays up.


This behaviour can cause issues when there are multiple rules and an SLA is configured in only some of them, while other rules in manual mode must always be matched, for example in order to tag the traffic.
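The following configuration is an added example illustrating the workaround described above; it is not part of the original article. It keeps the existing health check "sla" (used by the SLA-mode rules) and adds a second health check on the same member so that port9 is still reported alive by at least one check when 1.1.1.1 stops responding. The name "keepalive" and the probe target 10.109.31.254 (the member's own gateway) are assumptions chosen for illustration; any destination that is reachable over port9 independently of the first SLA's server will do.

```text
config system sdwan
    set status enable
    config health-check
        # existing SLA, still used by the rules that run in SLA mode
        edit "sla"
            set server "1.1.1.1"
            set update-static-route disable
            set members 1
        next
        # added health check (assumed name/server): probes a target that
        # stays reachable over port9 even when 1.1.1.1 is unreachable
        edit "keepalive"
            set server "10.109.31.254"
            set update-static-route disable
            set members 1
        next
    end
    config service
        # manual rule: remains valid as long as at least one health check
        # reports its member alive
        edit 1
            set name "rule"
            set dst "8.8.8.8/32"
            set priority-members 1
        next
    end
end
```

After applying this, `diagnose sys sdwan health-check` shows port9 as alive under "keepalive" while "sla" may still report it dead, and `diagnose sys sdwan service` no longer shows "Service disabled caused by no outgoing path" for the manual rule. Note that the second probe only tells the firewall that the link itself is up; rules that depend on "sla" continue to follow that SLA's result.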
