Description
This article describes the SD-WAN monitor feature and how to troubleshoot the issues related to them.
Solution
After the configuration of the SD-WAN template, the units added in the template can be monitored by
Device Manager -> SD-WAN -> Monitor.
- The data can be monitored in 2 ways: 'Map View' and 'Table View'.
- By default the historical data is disabled. By enabling 'sdwan-monitor-history' historical data of the last 8 days can be fetched.
config system admin setting
set sdwan-monitor-history enable
end
Troubleshooting.
- For issues in the Map view visibility, first, verify if it is possible to reach the map server:
diagnose system mapserver test
Example output:
* Trying 208.91.114.183:443...
* TCP_NODELAY set
* Connected to mapserver.fortinet.com (208.91.114.183) port 443
If the map server is not reachable, ensure the DNS is resolving the domain and the port is open and allowed.
- Make sure in the FortiGate, the below settings are configured:
- From FortiGate CLI.
Performance SLA logs are generated at a specific time period as defined by the below commands:
config system virtual-wan-link
config health-check
edit <name>
set sla-fail-log-period 30
set sla-pass-log-period 60
next
end
end
Also verify whether the monitored interface is set with the role of WAN. Go to Network -> Interfaces -> Edit -> Role -> WAN and select 'Apply'. - FortiManager Debug Chrome and CLI:
FortiManager/FortiAnalyzer Debugger 5.0
config system dm
set fgfm-sock-timeout 90
set fgfm_keepalive_itvl 30
end
Then restart the fgfm tunnel:
diagnose sys process killall fgfm
FortiManager Debug:
diag debug reset
diagnose debug service sys 255
diag debug en
refresh the problematic SDWAN page
diag debug disable
Related articles:
Technical Tip: FortiView Secure SD-WAN Monitor
