Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Timsellis
New Contributor

Performance SLA and reporting

I am looking at setting up Performance SLA on Fortinet which i have done on Fortimanager, however what the requirement is for this is over the network report on this within the FAZ if possible.

 

What I need is a list of the devices that are on the network then along with this a count where it may have failed the various SLA targets, so for example.

Device     Ping     ICMP

80f-1 -      3              0

So I am only interested where the SLA has breached my target of say 20m/s on a monthly basis across the various SLA's not every single one.

 

Is this possible at all out of the box as can only see a handful of reports that can provide some kind of SLA but this a generalisation across the board.

3 REPLIES 3
Jean-Philippe_P
Moderator
Moderator

Hello Timsellis, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Regards,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator
Moderator

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Regards,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator
Moderator

Hello Timsellis,

 

I found this solution. Can you tell us if it helps, please?

 

To achieve the desired report on FortiAnalyzer, you need to ensure that the necessary configurations are in place on your FortiGate and FortiAnalyzer. Here’s a step-by-step guide:

 

  1. Configure SLA Logging on FortiGate: Ensure that SLA logging is enabled on FortiGate health checks and applied to SD-WAN rules. This involves setting the `sla-fail-log-period` and `sla-pass-log-period` in the SD-WAN health-check configuration.

  2. Verify SD-WAN Configuration:
    - Ensure that SD-WAN rules specify the source address along with the protocol number, internet service, or application.
    - Confirm that SD-WAN interface members are configured with the 'WAN' role and 'Estimated bandwidth'.
    - Ensure that the firewall policy with the SD-WAN interface logs all sessions.

  3. Check Traffic Flow: Verify that traffic is passing through the SD-WAN rules by checking the FortiGate SD-WAN rules hit count.

  4. Log Collection on FortiAnalyzer: Ensure that FortiAnalyzer is receiving health check SLA status logs. You can verify this under `Logview -> Event -> SD-WAN`.

  5. Generate Reports:
    - Once FortiAnalyzer is receiving the logs, use the Secure SD-WAN monitor to view the device list with data present in each widget.
    - For specific SLA breach reports, you may need to create a custom report or use the existing report templates and modify them to focus on SLA breaches.

 

If the out-of-the-box reports do not meet your specific needs, consider creating a custom report on FortiAnalyzer that filters and displays only the SLA breaches according to your criteria.

Regards,

Jean-Philippe - Fortinet Community Team
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors