Adryan_you
Staff
Article Id 214861
Description: This article shows how to fix the issue where the SDWAN Performance SLA is down even though the target server is pingable.
Scope: FortiGate SDWAN SLA.
Solution

FortiGate can still ping the target server, but the SLA shows 'dead'.

 

Example:
# exec ping 10.100.2.210
PING 10.100.2.210 (10.100.2.210): 56 data bytes
64 bytes from 10.100.2.210: icmp_seq=0 ttl=64 time=700.6 ms
64 bytes from 10.100.2.210: icmp_seq=1 ttl=64 time=700.5 ms
64 bytes from 10.100.2.210: icmp_seq=2 ttl=64 time=700.5 ms
64 bytes from 10.100.2.210: icmp_seq=3 ttl=64 time=700.4 ms
64 bytes from 10.100.2.210: icmp_seq=4 ttl=64 time=700.5 ms

--- 10.100.2.210 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 700.4/700.5/700.6 ms

 

# dia sys sdwan health-check TESTSLA
Health Check(TESTSLA):
Seq(3 port3): state(dead), packet-loss(100.000%) sla_map=0x0 <<===

 


 

This is due to the SLA default probe timeout setting. If the probe (ping) response time exceeds 500 ms, the SLA treats the target host as not reachable, so the SLA status is 'dead'.

 

NOTE: This can be common in satellite network setups or other high-latency networks.

 

To solve the issue, edit the probe timeout setting in SLA.

 

# config sys sdwan
    config health-check
        edit TESTSLA <<=== SLA object name
            set probe-timeout 800 <-- unit in ms. default is 500
    end
end

 

After making the changes, the SLA status is 'Alive'.

 

# dia sys sdwan health-check TESTSLA
Health Check(TESTSLA):
Seq(3 port3): state(alive), packet-loss(0.000%) latency(700.495), jitter(0.049) sla_map=0x0
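
The comparison described in this article can be automated when many SLA members need checking. The following Python sketch is an added example, not Fortinet code: it parses saved 'exec ping' and health-check output and reports whether a 'dead' member is explained by the probe timeout. The function names are hypothetical, the sample text is constructed from the output above, and it assumes the manual ping and the SLA probe take the same path.

```python
import re

# Constructed sample input, abbreviated from the CLI output shown in this article.
PING_OUTPUT = """\
64 bytes from 10.100.2.210: icmp_seq=0 ttl=64 time=700.6 ms
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 700.4/700.5/700.6 ms
"""
HEALTH_OUTPUT = """\
Health Check(TESTSLA):
Seq(3 port3): state(dead), packet-loss(100.000%) sla_map=0x0
"""
DEFAULT_PROBE_TIMEOUT_MS = 500  # default value stated in the article


def parse_ping(text):
    """Return (packets_received, min_rtt_ms, max_rtt_ms) from 'exec ping' output."""
    rx = re.search(r"(\d+) packets transmitted, (\d+) packets received", text)
    rtt = re.search(r"min/avg/max = ([\d.]+)/([\d.]+)/([\d.]+) ms", text)
    received = int(rx.group(2)) if rx else 0
    if rtt is None:
        return received, None, None
    return received, float(rtt.group(1)), float(rtt.group(3))


def parse_health_check(text):
    """Return {member interface: state} from the health-check diagnose output."""
    return {m.group(1): m.group(2)
            for m in re.finditer(r"Seq\(\d+ (\S+)\): state\((\w+)\)", text)}


def diagnose(ping_text, health_text, probe_timeout_ms=DEFAULT_PROBE_TIMEOUT_MS):
    """Explain each SLA member's state using ping RTT and the probe-timeout."""
    received, min_rtt, max_rtt = parse_ping(ping_text)
    verdicts = {}
    for member, state in parse_health_check(health_text).items():
        if state != "dead":
            verdicts[member] = state
        elif received == 0 or min_rtt is None:
            verdicts[member] = "dead: target does not answer ping"
        elif min_rtt > probe_timeout_ms:
            verdicts[member] = "dead: every reply is slower than probe-timeout"
        elif max_rtt > probe_timeout_ms:
            verdicts[member] = "dead: some replies are slower than probe-timeout"
        else:
            verdicts[member] = "dead: RTT is within probe-timeout, check other causes"
    return verdicts


if __name__ == "__main__":
    print(diagnose(PING_OUTPUT, HEALTH_OUTPUT))
```

Pass the configured probe-timeout as the third argument when the SLA object no longer uses the default.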

 
