FortiGate
adimailig
Staff & Editor
Article Id 342816

Description

This article describes how to view the status of an SD-WAN interface (member) under Dashboard -> SD-WAN Monitor on both primary and secondary FortiGate units in Active-Passive High Availability.


Scope

FortiGate.

Solution

 

The status of an SD-WAN interface (member) reflects the Performance SLA status for that interface.

[Screenshots: Performance SLA is UP.]

[Screenshots: Performance SLA is DOWN.]

If no Performance SLA is associated with the interface, or if the Performance SLA is not initiating traffic, the status will show 'Link Unknown'.



Status of the SD-WAN member under the SD-WAN Monitor on the Primary and Secondary FortiGate running High Availability Active-Passive:

The status under Dashboard -> SD-WAN Monitor or under SD-WAN -> Performance SLA shows the status recorded while the FortiGate is in the Primary role and handling traffic.

Summary:

Scenario 1: Initial creation of Performance SLA
FGT_1 (Primary) and FGT_2 (Secondary)
Performance SLA FGT_1 -> UP
Performance SLA FGT_2 -> Link Unknown

Scenario 2: Failover to FGT_2
FGT_1 (Secondary) and FGT_2 (Primary)
Performance SLA FGT_1 -> UP
Performance SLA FGT_2 -> UP

 

Scenario 3: SD-WAN SLA went down
FGT_1 (Secondary) and FGT_2 (Primary)
Performance SLA FGT_1 -> UP
Performance SLA FGT_2 -> DOWN

Scenario 4: SD-WAN SLA still down and HA fails over to FGT_1
FGT_1 (Primary) and FGT_2 (Secondary)
Performance SLA FGT_1 -> DOWN
Performance SLA FGT_2 -> DOWN

Scenario 5: SD-WAN SLA goes UP
FGT_1 (Primary) and FGT_2 (Secondary)
Performance SLA FGT_1 -> UP
Performance SLA FGT_2 -> DOWN


Scenario and GUI Output:

 

  1. After the Performance SLA is created, the Primary FortiGate (FGT_1) starts generating traffic for the SLA. The Secondary FortiGate (FGT_2) is on standby and does not generate any traffic. This makes the SD-WAN status 'UP' on FGT_1 and 'Link Unknown' on FGT_2.

  2. After HA failover to FGT_2 (failover not caused by a FortiGate reboot), FGT_2 generates traffic and updates the status of the Performance SLA. Note that the status on FGT_1 still shows UP.

  3. If the Performance SLA goes DOWN, the status is updated only on the current Primary, which is FGT_2. The status on FGT_1 still shows UP.

  4. If HA fails over to FGT_1 at this point, the SD-WAN status is updated on FGT_1 and shows DOWN.

  5. If the Performance SLA goes UP, the status is updated only on the current Primary, which is FGT_1. The status on FGT_2 still shows DOWN.

     The SD-WAN Monitor status will not change unless FGT_2 becomes Primary again or if it reboots.
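The five scenarios above can be reproduced with a small model in which only the current Primary probes the SLA target and each unit keeps its last displayed status. This is an added example, not FortiOS code; the class and function names (`HaPair`, `run_scenarios`, `stale_units`) are hypothetical, and reboot behaviour is not modelled.

```python
# Added illustration of the behaviour this article describes; not FortiOS code.
# Class, method and function names are hypothetical.

class HaPair:
    """Active-Passive pair: only the current Primary probes the SLA target."""

    def __init__(self):
        # What each unit's SD-WAN Monitor displays; nothing probed yet.
        self.shown = {"FGT_1": "Link Unknown", "FGT_2": "Link Unknown"}
        self.primary = "FGT_1"
        self.link_up = True   # real state of the monitored path
        self._probe()         # Performance SLA created on the cluster

    def _probe(self):
        # Only the Primary generates SLA traffic and refreshes its own view.
        self.shown[self.primary] = "UP" if self.link_up else "DOWN"

    def failover(self):
        # Failover without reboot: the old Primary keeps its last status.
        self.primary = "FGT_2" if self.primary == "FGT_1" else "FGT_1"
        self._probe()

    def set_link(self, up):
        self.link_up = up
        self._probe()

    def snapshot(self):
        return (self.primary, self.shown["FGT_1"], self.shown["FGT_2"])

    def stale_units(self):
        # Units whose displayed status disagrees with the real path state.
        real = "UP" if self.link_up else "DOWN"
        return [unit for unit, status in self.shown.items() if status != real]


def run_scenarios():
    pair = HaPair()
    rows = [pair.snapshot()]                 # Scenario 1: SLA created
    steps = [pair.failover,                  # Scenario 2: failover to FGT_2
             lambda: pair.set_link(False),   # Scenario 3: SLA goes DOWN
             pair.failover,                  # Scenario 4: failover to FGT_1
             lambda: pair.set_link(True)]    # Scenario 5: SLA goes UP
    for step in steps:
        step()
        rows.append(pair.snapshot())
    return rows, pair.stale_units()

if __name__ == "__main__":
    print(run_scenarios())
```

After scenario 5 the model reports FGT_2 as stale, which is why monitoring or alerting on SD-WAN member state should read the status from the unit currently in the Primary role.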
