FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
akamath
Staff
Staff

Description


This article describes the SD-WAN monitor feature and how to troubleshoot the issues related to them.

Solution


After the configuration of the SD-WAN template, the units added in the template can be monitored by
Device Manager -> SD-WAN -> Monitor.

 


- The data can be monitored via 2 ways: 'Map View' and 'Table View'.
map_view.png
 
 
- By default the historical data is disabled. By enabling 'sdwan-monitor-history' historical data of last 8 days can be fetched.
# config system admin setting
    set sdwan-monitor-history enable
end
Troubleshooting.

- For issues in the Map view visibility, first verify if are able to reach the map server
# diagnose system mapserver test
Example output:
*   Trying 208.91.114.183:443...
* TCP_NODELAY set
* Connected to mapserver.fortinet.com (208.91.114.183) port 443
If the map server is not reachable make sure the DNS is resolving the domain and the port is open and allowed

- Make sure in the FortiGate, the below settings are configured:

1) From FortiGate CLI.

Performance SLA logs are generated at specific time period as defined by the below commands:

# config system virtual-wan-link
# config health-check

    edit <name>
    set sla-fail-log-period 30
    set sla-pass-log-period 60
next
end
end
- Also verify whether the monitored interface is set with the role as WAN

Go to Network -> Interfaces -> Edit -> Role -> WAN and select 'Apply'.

2) FortiManager Debug Chrome and CLI:
https://chrome.google.com/webstore/detail/fortimanagerfortianalyzer/dhdlbdcjpkjngafjclfegbbcajbfhlac
# config system dm
    set fgfm-sock-timeout 90
    set fgfm_keepalive_itvl 30
end
Then restart the fgfm tunnel:
# diagnose sys process killall fgfm
Fmg Debug:

    # diag debug reset
    # diagnose debug service sys 255
    # diag debug en
    refresh the problematic SDWAN page
    # diag debug disable
Related KB articles:
Technical Tip: FortiView Secure SD-WAN Monitor
Technical Tip: New Logic of SD-WAN templates