I am using a Fortigate 400E with FortiOS v7.0.3, and the SDWAN SLA performance configuration for the 3-link SDWAN (SDWAN health-check) is below:
SLA configuration and verification:
-----------------------------------------------------------
13Forti400e01 (Pingtest_to_61LAN) # show
config health-check
    edit "Pingtest_to_61LAN"
        set server "10.61.200.254"
        set interval 1500
        set probe-timeout 1000
        set recoverytime 3
        set members 2 11 13
        config sla
            edit 1
                set link-cost-factor latency packet-loss
                set latency-threshold 500
                set packetloss-threshold 50
            next
        end
    next
end
The root reason is found, based on the Fortigate admin guide:
If the health check is used in an SD-WAN rule that uses Manual or Best Quality strategies, enabling SLA Target is optional. If the health check is used in an SD-WAN rule that uses Lowest Cost (SLA) or Maximum Bandwidth (SLA) strategies, then SLA Target is enabled.
When SLA Target is enabled, configure the following:
Latency threshold: Calculated based on last 30 probes (default = 5ms).
Jitter threshold: Calculated based on last 30 probes (default = 5ms).
Packet Loss threshold: Calculated based on last 100 probes (default = 0%).
I am currently using FortiOS v7.0.3. May I know if the probe count for Packet Loss can be adjusted (I can't find this attribute for Packet Loss)?
Forti400e01 (SLAtest_to_61LAN) # set
    probe-packets                  Enable/disable transmission of probe packets.
    addr-mode                      Address mode (IPv4 or IPv6).
    server                         IP address or FQDN name of the server.
    detect-mode                    The mode determining how to detect the server.
    protocol                       Protocol used to determine if the FortiGate can communicate with the server.
    ha-priority                    HA election priority (1 - 50).
    interval                       Status check interval in milliseconds, or the time between attempting to connect to the server (500 - 3600*1000 msec, default = 500).
    probe-timeout                  Time to wait before a probe packet is considered lost (500 - 3600*1000 msec, default = 500).
    failtime                       Number of failures before server is considered lost (1 - 3600, default = 5).
    recoverytime                   Number of successful responses received before server is considered recovered (1 - 3600, default = 5).
    probe-count                    Number of most recent probes that should be used to calculate latency and jitter (5 - 30, default = 30).
    diffservcode                   Differentiated services code point (DSCP) in the IP header of the probe packet.
    update-cascade-interface       Enable/disable update cascade interface.
    update-static-route            Enable/disable updating the static route.
    sla-fail-log-period            Time interval in seconds that SLA fail log messages will be generated (0 - 3600, default = 0).
    sla-pass-log-period            Time interval in seconds that SLA pass log messages will be generated (0 - 3600, default = 0).
    threshold-warning-packetloss   Warning threshold for packet loss (percentage, default = 0).
    threshold-alert-packetloss     Alert threshold for packet loss (percentage, default = 0).
    threshold-warning-latency      Warning threshold for latency (ms, default = 0).
    threshold-alert-latency        Alert threshold for latency (ms, default = 0).
    threshold-warning-jitter       Warning threshold for jitter (ms, default = 0).
    threshold-alert-jitter         Alert threshold for jitter (ms, default = 0).
    members                        Member sequence number list.
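
An added example, not part of the original post and not Fortinet code: a sliding-window model of the packet-loss SLA target, replaying a constructed outage with the post's 1500 ms interval and 50% threshold to show how long a 100-probe window takes to fail and to recover. Assumptions: the target is missed when loss over the window is strictly greater than the threshold, the function names are hypothetical, `failtime`/`recoverytime` link-state detection is not modelled, and the 30-probe run is only a comparison, not a setting the post shows for packet loss.

```python
from collections import deque

def sla_state_changes(probes, window=100, loss_threshold_pct=50):
    """Replay probe results (True = reply received) through a sliding
    packet-loss window; return [(probe_number, "fail" | "pass"), ...].

    Assumption: the target is missed when loss over the window is strictly
    greater than the threshold."""
    recent = deque(maxlen=window)
    state, changes = "pass", []
    for n, replied in enumerate(probes, start=1):
        recent.append(replied)
        lost = sum(1 for r in recent if not r)
        # Integer comparison avoids float rounding at exactly 50%.
        new_state = "fail" if lost * 100 > loss_threshold_pct * len(recent) else "pass"
        if new_state != state:
            changes.append((n, new_state))
            state = new_state
    return changes

def reaction_times(window, interval_ms=1500, healthy=100, outage=120):
    """Seconds of total loss before the SLA fails, and seconds of clean
    replies before it passes again, for a constructed outage."""
    # Constructed input: healthy probes, a full outage, then healthy probes.
    probes = [True] * healthy + [False] * outage + [True] * healthy
    (fail_at, _), (pass_at, _) = sla_state_changes(probes, window)
    to_fail = (fail_at - healthy) * interval_ms / 1000
    to_pass = (pass_at - healthy - outage) * interval_ms / 1000
    return to_fail, to_pass

if __name__ == "__main__":
    for w in (100, 30):
        print(f"window={w}: (seconds to fail, seconds to pass) = {reaction_times(w)}")
```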