FortiGate
Sachin_Alex_Cherian_
Article Id 342449
Description

The SD-WAN Bandwidth/Network monitoring service is a licensed service that helps determine the network bandwidth by executing a speed test towards a cloud server.
The results can be used to help configure interface bandwidth, which can in turn be used with traffic shaping. The server is in the cloud and is maintained by Fortinet. This article shares some troubleshooting steps for issues encountered when trying to initiate the test.

Scope

FortiGate devices that have a valid SD-WAN bandwidth monitoring license.
Solution

The guidelines on how to initiate the speed test are available in Technical Tip: How to perform SpeedTest.

At times, the speed test may fail to execute successfully. Following the guidelines below may provide further insight into the issue.

 

Step 1: Check whether the device is part of an HA cluster. Make sure every device in the cluster has the SD-WAN bandwidth monitor license. If only one device in the cluster has the license, the test will fail.

 

Step 2: Check connectivity to the internet.

FortiGate should be able to reach the internet from the interface where the speed test needs to be executed.

FortiGate should also be able to resolve domains or URLs using its system DNS:


execute ping productapi.fortinet.com

 

Step 3: Verify that the FortiGate system time is up to date.

A time difference of more than 10 seconds between the FortiGate and the cloud server can cause authentication with the speed test cloud server to fail. Having the FortiGate sync its time with an NTP server helps resolve this time difference.
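
The commands below show one way to check and correct the system time for Step 3. This is an added example, not part of the original article; the choice of FortiGuard NTP servers and the 60-minute sync interval are assumptions to adapt to the environment.

```fortios
# Added example, not from the original article.
# Show the current system date and time.
execute date
execute time

# Show the NTP synchronization state and the servers in use.
diagnose sys ntp status

# Enable NTP sync if it is off. The FortiGuard server type and the
# 60-minute interval are assumptions; adjust them to local policy.
config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
end
```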

Step 4: Initiate a fresh download of the list of currently available speed test servers.

config system speed-test-server
purge
y
end

execute speed-test-server download

Step 5: Validate the downloaded server list.

exec speed-test-server list

Check the listed server groups for various regions. Make sure they show as valid.
Pick a region and then initiate the test towards it.

exec speed-test <interface_name> <mention one region as seen from listed output>

 

Repeat the test against multiple regions.

 

Step 6: The forticldd daemon handles the service. Collect logs for the daemon.

If the above steps do not help resolve the issue, the forticldd daemon logs can be checked for errors:

diag debug reset
diag debug console timestamp en
diagnose debug application forticldd -1
diagnose debug enable

Initiate the speedtest either from the GUI or from the CLI.

A packet capture from the GUI or sniffer output can also be useful in understanding the cause of the issue. Use the IP address seen in the forticldd debug output collected above as the filter in the sniffer or packet capture.

diag sniffer packet any 'host x.x.x.x' 6 0 l

 

In the above command, '6' denotes the verbose level, '0' denotes the number of packets to be captured (0 means unlimited), and 'l' (small L) denotes a local timestamp.
Initiate the speedtest from the GUI or CLI.
Press Ctrl+C (to stop packet capture).