Description
This article describes the SD-WAN monitor feature and how to troubleshoot the issues related to them.
Solution
After the configuration of the SD-WAN template, the units added in the template can be monitored by
Device Manager -> SD-WAN -> Monitor.
- The data can be monitored via 2 ways: 'Map View' and 'Table View'.
- By default the historical data is disabled. By enabling 'sdwan-monitor-history' historical data of last 8 days can be fetched.
# config system admin settingTroubleshooting.
set sdwan-monitor-history enable
end
- For issues in the Map view visibility, first verify if are able to reach the map server
# diagnose system mapserver testExample output:
* Trying 208.91.114.183:443...If the map server is not reachable make sure the DNS is resolving the domain and the port is open and allowed
* TCP_NODELAY set
* Connected to mapserver.fortinet.com (208.91.114.183) port 443
- Make sure in the FortiGate, the below settings are configured:
1) From FortiGate CLI.
Performance SLA logs are generated at specific time period as defined by the below commands:
# config system virtual-wan-link- Also verify whether the monitored interface is set with the role as WAN
# config health-check
edit <name>
set sla-fail-log-period 30
set sla-pass-log-period 60
next
end
end
Go to Network -> Interfaces -> Edit -> Role -> WAN and select 'Apply'.
2) FortiManager Debug Chrome and CLI:
https://chrome.google.com/webstore/detail/fortimanagerfortianalyzer/dhdlbdcjpkjngafjclfegbbcajbfhlac
# config system dmThen restart the fgfm tunnel:
set fgfm-sock-timeout 90
set fgfm_keepalive_itvl 30
end
# diagnose sys process killall fgfmFmg Debug:
# diag debug reset
# diagnose debug service sys 255
# diag debug en
refresh the problematic SDWAN page
# diag debug disable
Related KB articles:
Technical Tip: FortiView Secure SD-WAN Monitor
Technical Tip: New Logic of SD-WAN templates