Description
This article describes how to use 'probe-packets disable' in the SLA Performance in SD-WAN.
Solution
It is possible to disable the 'probe-packet' for a specific SLA Performance (health-check) of the SD-WAN, the scope of disabling the probe is for debug only and should not be use in a normal status.
It is possible de disable it from GUI.
Or from CLI.
Rebooting the unit while 'probe-packets' is disable could trigger an unknown status of the 'health-check' and it could affect the routing table if 'update-static-route' is enabled
The correct procedure to do not use the probe is to unset the member.
# config system sdwanEven if disabled the Fortigate will keep sending out traffic and checking the response but the result will be ignored.
# config health-check
edit "Default_FortiGuard"
set probe-packets disable
next
end
# diagnose sys sdwan health-checkNOTE.
Health Check(Default_DNS):
Seq(1 port1): state(alive), packet-loss(0.000%) latency(26.810), jitter(5.809) sla_map=0x1
Seq(2 port3): state(alive), packet-loss(0.000%) latency(26.774), jitter(5.733) sla_map=0x1
Health Check(Default_FortiGuard):
Seq(1 port1): state(alive), packet-loss(3.333%) latency(153.036), jitter(0.460) sla_map=0x1
Seq(2 port3): state(alive), packet-loss(6.667%) latency(157.907), jitter(10.215) sla_map=0x0
Rebooting the unit while 'probe-packets' is disable could trigger an unknown status of the 'health-check' and it could affect the routing table if 'update-static-route' is enabled
The correct procedure to do not use the probe is to unset the member.
From GUI.
# config system sdwanResult.
# config health-check
edit "Default_FortiGuard
unset members
next
end
