Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HS08
Contributor

Created on ‎04-03-2025 04:59 AM

Sdwan SLA

In sdwan enviroment with one hub and multiple spokes, in which side the sdwan sla should be configure? In the hub or in every spoke?

Labels:
173
0 Kudos
1 Solution
funkylicious
SuperUser
SuperUser

Created on ‎04-03-2025 06:49 AM

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/848259/embedded-sd-wan-sla-informati... would be also great to have implemented if not bgp self healing, https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-self-healing-with-bgp/559415/overview 

"jack of all trades, master of none"

View solution in original post

"jack of all trades, master of none"
147
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎04-03-2025 06:15 AM

If the traffic is initiated only from spoke to hub then you configure SLA on spoke.

If the traffic is initiated from both sides (hub to spoke and spoke to hub) then you should configure SLA on both.

AEK
AEK
161
adambomb1219
SuperUser
SuperUser

Created on ‎04-03-2025 06:29 AM

Both

154
0 Kudos
HS08
Contributor
In response to adambomb1219

Created on ‎04-03-2025 09:57 AM

If we set the SLA both on hub and spoke, will there  have asymetric issue? Just imagine if SLA on the hub decide traffic from hub to spoke passing thru path1 and SLA on the spoke decide traffic from spoke to hub passing thru path2.

110
0 Kudos
AEK
SuperUser
SuperUser
In response to HS08

Created on ‎04-03-2025 10:31 AM

As per my knowledge, the default behavior of FortiGate is symmetric, it means the response is imperatively sent from the receiving interface, and only initiated traffic depends on SLA, not the response.

E.g.: If hub (or spoke) receives traffic from port1, the response will be sent from port1.

show system settings
    asymroute disable    (default)
end

I hope I'm not wrong when I say this is also applicable for IPsec tunnels members of SD-WAN.

AEK
AEK
99
0 Kudos
funkylicious
SuperUser
SuperUser
In response to HS08

Created on ‎04-03-2025 10:45 AM

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Usage-of-overlay-stickiness-in-multiple-ov... 

"jack of all trades, master of none"
"jack of all trades, master of none"
95
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎04-03-2025 06:49 AM

https://docs.fortinet.com/document/fortigate/7.2.0/new-features/848259/embedded-sd-wan-sla-informati... would be also great to have implemented if not bgp self healing, https://docs.fortinet.com/document/fortigate/7.0.0/sd-wan-self-healing-with-bgp/559415/overview 

"jack of all trades, master of none"
"jack of all trades, master of none"
148
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.