Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
akamath
Staff
Staff

Created on ‎09-29-2021 12:21 AM Edited on ‎07-22-2025 11:49 PM By Community Manager

Article Id 189887

Troubleshooting Tip: Troubleshooting the FortiManager SD-WAN monitor

Description


This article describes the SD-WAN monitor feature and how to troubleshoot the issues related to them.

 

Scope

 

FortiManager.

Solution


After the configuration of the SD-WAN template, the units added in the template can be monitored by Device Manager -> SD-WAN -> Monitor.

 
 
  • The data can be monitored in 2 ways: 'Map View' and 'Table View'.
 
map_view.png
 
JeanPhilippe_P_0-1706092488422.png

 

  • By default, the historical data is disabled. By enabling 'sdwan-monitor-history' historical data of the last 8 days can be fetched.

 

config system admin setting
    set sdwan-monitor-history enable
end

 

Note:

This setting should be kept disabled if it is affecting CPU performance.

 

  • Another solution worth attempting is to reduce the amount of history to a smaller value. Smaller database should generally improve performance, but not sure how much gain this would make.


    config system admin-settings
        set rtm-max-monitor-by-days <value>
    end

 

Troubleshooting:

  • For issues in the Map view visibility, first verify if it is possible to reach the map server:

 

diagnose system mapserver test

 

Example output:

 

*   Trying 208.91.114.183:443...
* TCP_NODELAY set
* Connected to mapserver.fortinet.com (208.91.114.183) port 443

 

If the map server is not reachable, ensure the DNS is resolving the domain and the port is open and allowed.

 

  • Make sure in the FortiGate, the following settings are configured:
  1. From the FortiGate CLI:

 

Performance SLA logs are generated at a specific time period as defined by the following commands:

config system virtual-wan-link
    config health-check
        edit <name>
            set sla-fail-log-period 30
            set sla-pass-log-period 60
        next
    end
end

Also, verify whether the monitored interface is set with the role of WAN. Go to Network -> Interfaces -> Edit -> Role -> WAN and select 'Apply'.

 

  1. FortiManager Debug Chrome and CLI: FortiManager/FortiAnalyzer Debugger 5.0.

 

config system dm
    set fgfm-sock-timeout 90
    set fgfm_keepalive_itvl 30
end

 

Then restart the FGFM tunnel:

 

diagnose sys process killall fgfm

 

FortiManager Debug:

 

diagnose debug reset

diagnose debug service sys 255

diagnose debug en

 

Refresh the problematic SD-WAN page.

 

diagnose debug disable

 

Clear mapserver cache:

 

diagnose system mapserver clearcache  <----- Introduce latest firmware v7.6.

 

Related articles:

Technical Tip: FortiView Secure SD-WAN Monitor

Technical Tip: New Logic of SD-WAN templates

Troubleshooting Tip: 0 bps value for the Upload/Download bandwidth value under the Upload and Downlo...

Troubleshooting Tip: Map view error

6830
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.